YouTube Transcript:
Google Cloud Associate Cloud Engineer Course - Pass the Exam!

Skip watching entire videos - get the full transcript, search for keywords, and copy with one click.

AutoDub

Understand YouTube Foreign Videos

Immersive YouTube Voice Translation

Break language barriers, embrace global quality content

Solve Foreign Video Barriers Instantly

Video Transcript

Video Summary

Summary Requirements

Core Theme: This content is a comprehensive study guide for the Google Cloud Associate Cloud Engineer certification, covering essential Google Cloud services, best practices, and practical demonstrations. It aims to equip learners with the knowledge and skills needed to pass the exam and secure cloud-related jobs.
Key Points:
- Course Structure: The course is delivered through lectures, follow-along labs, and cheat sheets, focusing on practical application and exam preparation.

Mind Map

Click to expand

Click to explore the full interactive mind map • Zoom, pan, and navigate

hey this is anthony tavelos your cloud

instructor at exam pro

bringing you a complete study course for

the google cloud associate cloud

engineer made available to you here on

free code camp and so this course is

designed to help you pass and achieve

google issued certification the way

we're going to do that

is to go through lots of lecture content

follow alongs and using my cheat sheets

on the day of the exam so you pass

and you can take that certification and

put it on your resume or linkedin

so you can get that cloud job or

promotion that you've been looking for

and so a bit about me is that i have 18

years industry experience

seven of it specializing in cloud and

four years of that as a cloud trainer i

previously been a cloud and devops

engineer and i've also published

multiple cloud courses and i'm a huge

fan of the cartoon looney tunes as well

as a coffee connoisseur and so i wanted

to take a moment to thank viewers like you

you

because you make these free courses

possible and so if you're looking for

more ways of supporting more free

courses just like this one

the best way is to buy the extra study

material at

co example.com in particular for this

certification you can find it at gcp

hyphen ace there you can get study notes

flash cards quizlets

downloadable lectures which are the

slides to all the lecture videos

downloadable cheat sheets which by the

way are free if you just go sign up

practice exams

and you can also ask questions and get

learning support and if you want to keep

up to date with new courses i'm working on

the best way is to follow me on twitter

at antony's cloud

and i'd love to hear from you if you

passed your exam

and also i'd love to hear on what you'd

like to see next [Music]

[Music]

welcome back

in this lesson i wanted to quickly go

over how to access the course resources

now the resources in this course are

designed to accompany the lessons and

help you understand not just the theory

but to help with the demo lessons that

really drive home the component of

hands-on learning

these will include study notes lesson

files scripts as well as resources that

are used in the demo lessons

these files can be found in a github

repository that i will be including

below that are always kept up-to-date

and it is through these files that you

will be able to follow along and

complete the demos on your own to really

cement the knowledge learned

it's a fairly simple process but varies

through the different operating systems

i'll be going through this demo to show

you how to obtain access through the

three major operating systems being

windows mac os and ubuntu linux

so i'm first going to begin with windows

and the first step would be to open up

the web browser

and browse to this url which i will

and this is the course github repository

which will house all the course files

that i have mentioned before

keeping the course up to date will mean

that files may need to be changed and so

as i update them they will always be reflected

reflected

and uploaded here in the repo

so getting back to it there are two ways

to access this repository so the easiest

way to obtain a copy of these files will

be to click on the clone or download

button and click on download zip

once the file has been downloaded you

can then open it up by clicking on it here

here

and here are the files here in downloads

and this will give you a snapshot of all

the files and folders as you see them

from this repository

now although this may seem like the

simple way to go this is not the

recommended method to download as if any

files have changed you will not be up to

date with the latest files and will only

be current from the date at which you've

downloaded them now the way that is

recommended is using a source control

system called git and so the easiest way

to install it would be to go to this url https

https

colon forward slash forward slash

git dash scm.com

and this will bring you to the git

website where you can download the

necessary software for windows or any

other supported operating system

and so i'm going to download it here

and this should download the latest

version of git

for windows and it took a few seconds

there but it is done

and no need to worry about whether or

not you've got the proper version

usually when you click that download

button it will download the latest

version for your operating system

so i'm going to go over here and open

you'll get a prompt where you would just

say yes

and we're going to go ahead and accept

all the defaults here this is where it's

going to install it let's hit next

these are all the components that

they're going to be installed let's

click on next

and again we're going to go through everything

everything

with all the defaults

and once we've reached

installing all the defaults it's gonna

take a couple minutes to install

and again it took a minute or so

we're going to just click on next

and it's going to ask if you want to

view the release notes and we don't

really need those so

we can click on ok

and simply close that

and we're just going to go over and see

if git is installed

and i'm going to just zoom in here so we

can see a little better

and there we go and we are just going to

type in git

and as you can see it's been installed

and so now that we've installed git we

want to be able to pull down all the

folders and the files within them from

the repository to our local system and

so i'm just going to clear the screen here

here

and we're going to do a cd to make sure

that i'm in my home directory

and then we're going to make a directory

called repos

and in order to do that we're going to

do mkdir space

space

repos and then we're going to move into

that directory

so cd

space repos and so again here we want to

clone those files that are in the

repository to our local system

so in order to do that we're going to

use the command git clone so get space clone

clone

and then we're going to need our

location of the git repository so let's

go back to the browser

and we're going to go over here to clone

or download

and here you will see clone with https

so make sure that this says https and

you can simply click on this button

which will copy this to the clipboard

and then we'll move back to our command prompt

prompt

and paste that in

and once that's pasted just hit enter

and it will clone your repository into

the repos directory and so just to

verify that we've cloned all the

necessary files

we're going to cd into the master

and we're going to do a dir

and there you have it all of the files

are cloned exactly as it is here in the repository

repository

now just as a note in order to keep

these files up to date we need to run a

different command which would be a git pull

pull

and this can be run at any time in order

to pull down any files or folders that

have been updated since you did the

first pull which in this case

would be cloning of the repository

again this will provide you with the

latest and most up-to-date files at any

given moment in time and in this case

since nothing has changed i have been

prompted with a message stating that i'm

up to date if nothing is changed you

will always be prompted with this message

message

if there was

it will pull your changes down to your

synced local copy and the process for

windows is completed and is similar in

mac os and i'll move over to my mac os

virtual machine and log in

and once you've logged in just going to

go over here to the terminal and i'm

just going to cd

to make sure i'm in my home directory

then i'm going to do exactly what we did

in windows so i'm going to run the

command mk dir

dir

space repos

and create the repos directory and i'm

going to move in to the repos directory

and then i'm going to run git

now for those of you who do not have get

installed you will be prompted with this

message to install it and you can go

ahead and just install you'll be

prompted with this license agreement you

can just hit agree

and depending on your internet

connection this will take a few minutes

to download and install so as this is

going to take a few minutes i'm going to

pause the video here and come back when

it's finished installing

okay and the software was successfully installed

installed

so just to do a double check i'm going

to run git

and as you can see it's been installed

so now that we have git installed we

want to clone all the directories and

the files from the github repository to

our local repos folder so i'm going to

open up my browser and i'm going to

paste my github repository url right here

here and

and

you'll see the clone button over here so

we're going to click on this button

and here we can download zip but like i

said we're not going to be doing that

we're going to go over here

and copy this url for the github

repository again make sure it says https

and we're going to copy this to our clipboard

clipboard

and we're going to go back to our terminal

terminal

and we are going to

run the command git space clone

and as you can see here i've cloned the

repository and all the files and folders

within it and so as is my best practice

i always like to verify that the files

have been properly cloned and so i'm

going to run the command ls

just to make sure and go into the master directory

directory

and do a double check and as you can see

the clone was successful as all the

files and folders are here and again to

download any updates to any files or

directories we can simply run the

command git space poll and because we've

already cloned it it's already up to

date and so the process is going to be

extremely similar on linux so i'm going

to simply move over to my linux machine

and log in

i'm going to open up a terminal

and i'm going to make my terminal a

little bit bigger for better viewing and

so like the other operating systems i

want to clone all the files and

directories from the github repository

to my machine and so i'm going to cd

here to make sure i'm in my home

directory and like we did before we want

to create a directory called repos so

i'm going to run the command mkdir space

repos and we're going to

create the repos directory we're now

going to move into the repos directory

and here we're going to run the git command

command

and because git is not installed on my

machine i've been prompted with the

command in order to install it so i'm

going to run that now so the command is sudo

sudo space

space apt

apt space

space install

install space

space get

get

and i'm going to enter in my password

and just to verify i'm going to run the

command git and i can see here it's been

installed so now i'm going to go over

here to my browser and i'm going to

paste in the url to my repository and

over here we'll have the same clone

button and when i click on it i can get

the url for the github repository in

order to clone it again make sure before

you clone that this says https

if it doesn't say https you'll have the

option of clicking on a button that will

allow you to do so once it says https

then you can simply copy this url to

your clipboard by clicking on the button

and then move over back to the terminal

and we are going to clone this

repository by typing in the get space

clone command

along with the url of the repository

and when we hit enter it'll clone it

right down to our directory so i'm just

going to move into the master directory

and again they're all here so again if

you're looking to update your repository

with any new updated changes you can

simply run

the get space pull command

to update those files

and so that's the linux setup so you

have a local copy of the lesson files

now there's just one more thing that i

highly recommend you do and to

demonstrate it i'm going to move back

over to my windows virtual machine now

i'm going to open up the web browser again

again

open up a new tab

https colon forward slash forward slash code.visualstudio.com

code.visualstudio.com [Music]

and i'll make sure that the url is in

the text below there is a version of

this code editor available for windows

mac os and linux you can simply click on

this drop down and you'll find the link

to download it for your operating system

but in most cases it should

automatically show the correct version

and it should start downloading

automatically and you should be able to

now the reason behind me asking you to

install this utility is for editing code

of different sorts

whether you're adjusting yaml or python

documents for deployment manager

or even managing scripts

a code editor will give you the ease of

use when it comes to managing editing

and even syntactical highlighting of

code as shown here below

it will highlight the code to make it

easier to understand now if you have

your own editor that you would prefer to

use go ahead and use that but for those

that don't my recommendation will be to

use visual studio code so to install

visual studio code we're just going to

accept this license agreement

and then we're going to click on next

and we're just going to follow all the defaults

to install it

it's going to take a minute or two

and for those running windows you want

to make sure that this box is checked

off so that you can launch it right away

another recommendation would be to go

over here to the task bar so you can pin

it in place so that it's easier to find

and so now you have access to all the

resources that's needed for this course

but with that that's everything that i

wanted to cover for this lesson so you

can now mark this lesson as complete and

let's move on to the next one [Music]

[Music]

welcome back and in this lesson i wanted

to discuss the various certifications

available for google cloud as this

number keeps on growing and i am looking

to keep this lesson as up to date as

possible so with that being said let's

dive in

now google cloud has released a slew of

certifications in many different areas

of expertise as well as different

experience levels

now there are two levels of difficulty

when it comes to the google cloud

certifications starting off with the

associate level we see that there is

only the one certification which is the

cloud engineer the associate level

certification is focused on the

fundamental skills of deploying

monitoring and maintaining projects on

google cloud this is a great starting

point for those completely new to cloud

and google recommends the associate

cloud engineer as the starting point to

undergoing your certification journey

this was google cloud's very first

certification and to me was the entry

point of wanting to learn more as an

engineer in cloud in my personal opinion

no matter your role this certification

will cover the general knowledge that is

needed to know about starting on google

cloud and the services within it which

is why i labeled it here as the

foundational level course i also

consider this the stepping stone

into any other professional level

certifications which also happens to be

a recommended path by google with a

great course and some dedication i truly

believe that anyone with even a basic

skill level in it should be able to

achieve this associate level

certification now it is recommended from

google themselves that prior to taking

this exam that you should have over six

months experience building on google

cloud for those of you with more of an

advanced background in google cloud or

even other public clouds this

certification should be an easy pass as

it covers the basics that you should be

familiar with adding a google twist to

it at the time of this lesson this exam

is two hours long and the cost is 125 us

dollars the exam is a total of 50

questions which consists of both

multiple choice and multiple answer

questions each of the questions contain

three to four line questions with single

line answers that by the time you finish

this course you should have the

confidence to identify the incorrect answers

answers

and be able to select the right answers

without a hitch moving into the

professional level certifications there

are seven certifications that cover a

variety of areas of specialty depending

on your role you might want to take one

or maybe several of these certifications

to help you gain more knowledge in

google cloud or if you love educating

yourself and you're really loving your

journey in gcp you will probably want to

consider pursuing them all in my

personal opinion the best entry point

into the professional level would be the

cloud architect it is a natural step up

from the associate cloud engineer and it

builds on top of what is learned through

that certification with a more detailed

and more thorough understanding of cloud

architecture that is needed for any

other certification there is some

overlap from the cloud engineer which is

why in my opinion doing this

certification right after makes sense it

also brings with it the ability to

design develop and manage secure

scalable and highly available dynamic

solutions it is a much harder exam and

goes into great depth on services

available the professional cloud

architect is a great primer for any

other professional level certification

and can be really helpful to solidify

the learning that is needed in any other

technical role i find it the most common

path that many take who look to learn

google cloud which is why i personally

recommend it to them and at the time of

this lesson it also holds the highest

return on investment

due to the highest average wage over any

other current cloud certification in the

market google recommends over three

years of industry experience including

one year on google cloud before

attempting these exams with regards to

the exams in the professional tier they

are much harder than the associate level

and at the time of this course is two

hours long and the cost is 200 us

dollars these exams are a total of 50

questions which consists of both

multiple choice and multiple answer

questions it's the same amount of

questions with the same amount of time

but it does feel much harder each of the

questions contain four to five line

questions with one to three line answers

it's definitely not a walk in the park

and will take some good concentration

and detailed knowledge on google cloud

to solidify a pass after completing the

cloud architect certification depending

on your role my suggestion would be to

pursue the areas that interest you the

most to make your journey more enjoyable

for me at the time i took the security

engineer out as i am a big fan of

security and i knew that i would really

enjoy the learning and make it more fun

for me this is also a great

certification for those who are looking

to excel their cloud security knowledge

on top of any other security

certifications such as the security plus

or cissp

now others may be huge fans of

networking or hold other networking

certifications such as the ccna and so

obtaining the network engineer

certification might be more up your

alley and give you a better

understanding in cloud networking now if

you're in the data space you might want

to move into the data engineer exam as

well as taking on the machine learning

engineer exam to really get some deeper

knowledge in the areas of big data

machine learning and artificial

intelligence on google cloud now i know

that there are many that love devops me

being one of them and really want to dig

deeper and understand sre and so they

end up tackling the cloud developer and

cloud devops engineer certifications so

the bottom line is whatever brings you

joy in the area of your choosing start

with that and move on to do the rest all

the professional certifications are

valuable but do remember that they are

hard and need preparation for study last

but not least is the collaboration

engineer certification and this

certification focuses on google's core

cloud-based collaboration tools that are

available in g suite or what is now

known as google workspaces such as gmail

drive hangouts docs and sheets now the

professional level collaboration

engineers certification dives into more

advanced areas of g suite such as mail

routing identity management and

automation of it all using tools

scripting and apis

this certification is great for those

looking to build their skill set as an

administrator of these tools but gives

very little knowledge of google cloud

itself so before i move on there is one

more certification that i wanted to

cover that doesn't fall under the

associate or professional certification

levels and this is the google cloud

certified fellow program

now this is by far

one of the hardest certifications to

obtain as there are very few certified

fellows at the time of recording this

lesson it is even harder than the

professional level certifications and

this is due to the sheer level of

competency with hybrid multi-cloud

architectures using google cloud anthos

google's recommended experience

is over 10 years with a year of

designing enterprise solutions with

anthos then a four-step process begins

first step is to receive a certified

fellow invitation from google and once

you've received that invitation then you

need to submit an application with some

work samples that you've done

showing google your competency in hybrid

multi-cloud once that is done the third

step is a series of technical hands-on

labs that must be completed and is a

qualifying assessment that must be

passed in order to continue and after

all that the last step is a panel

interview done with google experts in

order to assess your competency of

designing hybrid and multi-cloud

solutions with anthos so as you can see

here this is a very difficult and highly

involved certification process

to achieve the title of certified fellow

this is definitely not for the faint of

heart but can distinguish yourself as a

technical leader in anthos and a hybrid

multi-cloud expert in your industry now

i get asked many times whether or not

certifications hold any value are they

easy to get are they worth more than the

paperwork that they're printed on and

does it show that people really know how

to use google cloud and my answer is

always yes as the certifications hold

benefits beyond just the certification

itself and here's why targeting yourself

for a certification gives you a

milestone for learning something new

with this new milestone it allows you to

put together a study plan in order to

achieve the necessary knowledge needed

to not only pass the exam but the skills

needed to progress in your everyday

technical role this new knowledge helps

keep your skills up to date therefore

making you current instead of becoming a

relic now having these up-to-date skills

will also help advance your career

throughout my career in cloud i have

always managed to get my foot in the

door with various interviews due to my

certifications it gave me the

opportunity to shine in front of the

interviewer while being able to

confidently display my skills in cloud

it also allowed me to land the jobs that

i sought after as well as carve out the

career path that i truly wanted on top

of landing the jobs that i wanted i was

able to achieve a higher salary due to

the certifications i had i have doubled

and tripled my salary since i first

started in cloud all due to my

certifications and i've known others

that have obtained up to five times

their salary because of their

certifications now this was not just

from achieving the certification to put

on my resume and up on social media but

from the knowledge gained through the

process and of course i personally feel

that having your skills constantly up to date

date

advancing your career and getting the

salary that you want keeps you motivated

to not only get more certifications but

continue the learning process i am and

always have been a huge proponent of

lifelong learning and as i always say

when you continue learning you continue

to grow so in short google cloud

certifications are a great way to grow

and so that about covers everything that

i wanted to discuss in this lesson so

you can now mark this lesson as complete

and i'll see you in the next one [Music]

[Music]

welcome back

and in this lesson i'm going to be

talking about the fictitious

organization called bow tie inc that i

will be using throughout the course

now while going through the

architectures and demos in this course

together i wanted to tie them to a real

world situation

so that the theory and practical

examples are easy to understand

tying it to a scenario is an easy way to

do this as well it makes things a lot

more fun

so the scenario again

that i will be using is based on bow tie ink

ink

so before we get started with the course

i'd like to quickly run through the scenario

scenario

and don't worry it's going to be very

high level and i will keep it brief

so bow tie ink is a bow tie

manufacturing company that designs and

manufactures bow ties within their own factories

factories

they also hold a few retail locations

where they sell their bow ties as well

as wholesale to other thai and men's

fashion boutiques and department stores

across the globe

being in the fashion business

they mainly deal with commerce security

and big data sets

bow tie inc is a global company and they

are headquartered in montreal canada

they employ about 300 people globally

with a hundred of them being in sales

alone to support both the brick and

mortar stores and wholesale branches

there are many different departments to

the company that make it work such as

in-store staff i.t

i.t

marketing for both in-store and online sales

sales

manufacturing finance and more

the types of employees that work in bow

tie inc vary greatly due to the various

departments and consists of many people

such as sales for both in-store and

wholesale managers that run the stores

and sewers that work in the

manufacturing plant

and many more that work in these various departments

departments

the business has both offices

and brick and mortar stores

in montreal

london and los angeles

now due to the thrifty mindset of

management concentrating all their

efforts on commerce and almost none in

technical infrastructure has caused

years of technical debt

and is now a complete disaster

within the brick and mortar location

there contains two racks with a few

servers and some networking equipment

the global inventory of bow ties are

updated upon sales in both stores

and wholesale as well as new stock that

has been manufactured from the factory

there are point-of-sale systems in each

store or office location

these systems are all connected to each

other over a vpn connection in order to

keep updates of the inventory fresh

all office and store infrastructure are

connected to each other and the montreal headquarters

headquarters

and the point of sale systems and kiosk

systems are backed up to tape in the

montreal headquarters as well and like i

said before

management is extremely thrifty but they

have finally come to the realization

that they need to start spending money

on the technical infrastructure in order

to scale so diving into a quick overview

of exactly what the architecture looks

like the head office is located in

montreal canada

it has its main database for the crm and

point-of-sale systems

as well as holding the responsibility of

housing the equipment for the tape

backups the tapes are then taken off

site within montreal by a third-party

company for storage

the company has two major offices one in

london covering the eu

and the other in the west coast us

in los angeles these major offices

are also retail locations that consume

i.t services from the headquarters in

montreal again being in the fashion

business bowtie inc employs a large

amount of sales people and the managers

that support them

these employees operate the

point-of-sale systems so we're

constantly looking to have the website

sales and the inventory updated at all

times each salesperson has access to

email and files for updated forecasts on

various new bowtie designs

most sales people communicate over a

voice over ip phone and chat programs

through their mobile phone the managers

also manually look at inventory on

what's been sold

versus what's in stock

to predict the sales for stores in

upcoming weeks

this will give manufacturing a head

start to making more bow ties for future sales

sales

now whatever implementations that we

discuss throughout this course

we'll need to support the day-to-day

operations of the sales people and the managers

managers

and because of the different time zones

in play

the back-end infrastructure needs to be available

available

24 hours a day seven days a week

any downtime will impact updated

inventory for both online sales as well

as store sales at any given time

now let's talk about the current

problems that the business is facing

most locations hold on premise hardware

that is out of date and also out of warranty

warranty

the business looked at extending this

warranty but became very costly as well

management is on the fence about whether

to buy new on-premise hardware or just

move to the cloud they were told that

google cloud is the way to go when it

comes to the retail space and so are

open to suggestions

yet still very weary now when it comes

to performance there seems to be a major

lag from the vpn connecting from store

to store

as well as the head office that's

responsible for proper inventory

thus slowing down the point of sale

systems and to top it all off

backups taking an exorbitant amount of time

time

is consuming a lot of bandwidth with the

current vpn connection now bowtie inc

has always struggled with the lack of

highly available systems and scalability

due to cost of new hardware this is

causing extreme stress for online

e-commerce whenever a new marketing

campaign is launched

as the systems are unable to keep up

with the demand

looking at the forecast for the next two

quarters the business is looking to open

up more stores in the eu

as well as in the us

and with the current database in place

providing very inefficient high

availability or scalability

there is a major threat of the main

database going down

now when it comes to assessing the

backups the tape backups have become

very slow especially backing up from

london and the off-site storage costs

continuously go up every year

the backups are consuming a lot of

bandwidth and are starting to become the

major pain point

for connection issues between locations

on top of all these issues the small it

staff that is employed have outdated i.t

skills and so there is a lot of manual

intervention that needs to be done

to top it all off all the running around

that is necessary to keep the outdated

infrastructure alive

management is also now pushing to open

new stores to supply bow ties globally

given the ever-growing demand

as well as being able to supply the

demand of bow ties online through their

e-commerce store

now these are some realistic yet common

scenarios that come up in reality for a

lot of businesses that are not using

cloud computing

and throughout the course we will dive

into how google cloud can help ease the pain

pain

of these current ongoing issues

now at a high level with what the

business wants to achieve and what the

favorable results are

they are all interrelated issues so

bowtie inc requires a reliable and

stable connection between all the

locations of the stores and offices

so that sales

inventory and point-of-sale systems are

quick and up-to-date at all times

this will also allow all staff in these

locations to work a lot more efficiently

with a stable and reliable connection in place

place

backups should be able to run smoothly

and also eliminate the cost of off-site backup

backup

not to mention the manpower and

infrastructure involved to get the job done

done

while scaling up offices and stores due

to increase in demand

the business should be able to deploy

stores in new regions using pay as you

go billing while also meeting the

requirements and regulations when it

comes to gpdr and pci

this would also give the business

flexibility of having a disaster

recovery strategy in place

in case there was a failure of the main

database in montreal now as mentioned

before the business is extremely thrifty

especially when it comes to spend on it infrastructure

infrastructure

and so the goal is to have the costs as

low as possible yet having the

flexibility of scaling up when needed

especially when new marketing campaigns

are launched during high demand sales periods

periods

this would also give bowtie inc the

flexibility of analyzing sales ahead of time

time

using real-time analytics and catering

to exactly what the customer is demanding

demanding

thus making inventory a lot more

accurate and reducing costs in

manufacturing items that end up going on

sale and costing the company money in

the end

finally when it comes to people

supporting infrastructure automation is key

key

removing manual steps and a lot of the

processes can reduce the amount of

manpower needed to keep the

infrastructure alive

and especially will reduce downtime when

disaster arises

putting automation in place will also

reduce the amount of tedious tasks that

all departments have on their plate

so that they can focus on more important

business needs

now that's the scenario at a high level

i wanted to really emphasize that this

is a typical type of scenario that you

will face as a cloud engineer and a

cloud architect

the key to this scenario is the fact

that there are areas that are lacking in detail

detail

and areas that are fully comprehensible

and this will trigger knowing when and

where to ask relevant questions

especially in your day-to-day role as an engineer

engineer

it will allow you to fill the gaps so

that you're able to figure out what

services you will need and what type of

architecture to use

this is also extremely helpful when it

comes to the exam

as in the exam you will be faced with

questions that pertain to real life

scenarios that will test you in a

similar manner knowing what services and

architecture to use based on the

information given

will always give you the keys to the

door with the right answer and lastly

when it comes to the demos

this scenario used throughout the course

will help put things in perspective

as we will come to resolve a lot of

these common issues

real world scenarios can give you a

better perspective on learning as it is

tied to something that makes it easy to comprehend

comprehend

and again bow tie inc is the scenario

that i will be using throughout the

course to help you grasp these concepts

so that's all i have to cover this

scenario so you can now mark this lesson

as complete and let's move on to the

next one [Music]

[Music]

hey this is anthony cevallos and what i

wanted to show you here is where you can

access the practice exam on the exam pro platform

platform

so once you've signed up for your

account you can head on over to the course

course

and you can scroll down to the bottom of

the curriculum list and you will see the

practice exams here at the bottom

now just as a quick note

you should generally not attempt the

practice exam unless you have completed

all the lecture content including the

follow alongs as once you start to see

those questions you will get an urge to

start remembering these questions

and so i always recommend to use the

practice exam as a serious attempt

and not just a way to get to the final

exam at a faster pace taking your time

with the course

will allow you to really prevail through

these practice exams and allow you for a

way better pass rate on the final exam

looking here we can see two practice

exams with 50 questions each and so i

wanted to take a moment here and dive

into the practice exam

and show you what some of these

questions will look like and so clicking

into one of these exams we can get right

into it and so as you can see i've

already started on practice exam one and

so i'm going to click into that right

now and as you can see the exam is

always timed and in this case will be

120 minutes for this specific exam there

are 50 questions for this practice exam

and you will see the breakdown in the

very beginning

of the types of questions you will be

asked now for the google cloud exams at

the associate level they are usually

structured in a common format

they generally start with one or two

lines of sentences which will typically

represent a scenario followed by the

question itself this question tends to

be brief and to the point immediately

following that you will be presented

with a number of answers

usually four or five in nature and can

sometimes be very very technical as they

are designed for engineers like asking

about which gcloud commands to use to

execute in a given scenario as well as

theoretical questions that can deal with

let's say best practices or questions

about the specific services themselves

now these answers will come in two

different styles either multi-choice or

multi-select the multi-choice is usually

about identifying the correct answer

from a group of incorrect or less

correct answers whereas the multi-select

will be about choosing multiple correct

solutions to identify the answer as well

for this associate exam the overall

structure is pretty simple in nature and

typically will be either right or wrong

now sometimes these questions can get

tricky where there are multiple possible answers

answers

and you will have to select the most

suitable ones

now although most of these types of questions

questions

usually show up in the professional exam

they can sometimes peek their heads into

the associate and so a great tactic that

i always like to use is to immediately

identify what matters in the question itself

itself

and then to start ruling out any of the

answers that are wrong and this will

allow you to answer the question a lot

more quickly and efficiently as it will

bring the more correct answer to the

surface as well as making the answer a

lot more obvious

and making the entire question less

complex so for instance with this

question here you are immediately asked

about google's recommended practices

when it comes to using cloud storage as

backup for disaster recovery and this

would be for a specific storage type and

so quickly looking at the answers you

can see that standard storage and near

line storage will not be part of the

answer and so that will leave cold line

storage or archive storage as the two

possible choices

for the answer of this question and so

these are the typical techniques that i

always like to use

for these exams and so provided that

you've gone through all the course

content you will be able to answer these

technical questions with ease and

following the techniques i've just given

and applying them to each question

can really help you in not only this

practice exam but for the final exam

landing you a passing grade getting you certified

certified [Music]

[Music]

welcome back and in this section i

wanted to really hone in on the basics

of cloud computing the characteristics

that make it what it is

the different types of computing

and how they differ from each other as

well as the types of service models now

in this lesson i wanted to dive into the

definition of cloud computing and the

essential characteristics that define it

now for some advanced folk watching this

this may be a review

and for others

this may fulfill a better understanding

on what is cloud now cloud is a term

that is thrown around a lot these days

yet holds a different definition or

understanding to each and every individual

individual

you could probably ask 10 people on

their definition of cloud and chances are

are

everyone would have their own take on it

many see cloud as this abstract thing in

the sky

where files and emails are stored but

it's so much more than that

now the true definition of it can be put

in very simple terms

and can be applied to any public cloud

being google cloud aws

aws

and azure

moving on to the definition

cloud computing is the delivery of a

shared pool of on-demand computing

services over the public internet

that can be rapidly provisioned

and released

with minimal management effort or

service provider interaction

these computing services

consist of things like servers storage

storage

networking and databases they can be

quickly provisioned and accessed from

your local computer

over an internet connection now coupled

with this definition are five essential

characteristics that define the cloud

model that i would like to go over with

you and i believe that it would hold

massive benefits to understanding when

speaking to cloud this information can

be found in the white paper published by

the national institute of standards and

technology i will include a link to this

publication in the lesson notes for your

review now these essential

characteristics are as follows the first one

one

is on-demand self-service

and this can be defined as being able to

provision resources automatically

without requiring human interaction on

the provider's end

so in the end you will never need to

call up or interact with the service

provider in order to get resources

provisioned for you

as well you have the flexibility of

being able to provision and de-provision

these resources

whenever you need them and at any given

time of the day

the second characteristic is broad

network access

now this simply means that cloud

computing resources are available over

the network and can be accessed by many

different customer platforms such as

mobile phones

tablets or computers

in other words

cloud services are available over a

network moving into the third

is resource pooling

so the provider's computing resources

are pooled together to support a

multi-tenant model that allows multiple

customers to share the same applications

or the same physical infrastructure

while retaining privacy and security

over their information

this includes things like processing power

power

memory storage and networking

it's similar to people living in an

apartment building sharing the same

building infrastructure like power and

water yet they still have their own

apartments and privacy within that infrastructure

infrastructure

this also creates a sense of location

independence in that the customer

generally has no control or knowledge

over the exact location of the provided resources

resources

but they may be able to specify location

at a higher level of abstraction so in

the end the customer does not really

have the option of choosing exactly

which server server rack or data center

for that matter

of where the provided resources are

coming from

they will only be able to have the

option to choose things like regions or

sections within that region

the fourth essential characteristic is

rapid elasticity

this to me

is the key factor of what makes cloud

computing so great and so agile

capabilities can be elastically

provisioned and released

in some cases automatically to scale

rapidly outwards and inwards in response

with demand

to the consumer the capabilities

available for provisioning often appear

to be unlimited

and can be provisioned in any quantity

at any time and touching on the fifth

and last characteristic cloud systems

automatically control and optimize

resource usage by leveraging a metering capability

capability

resource usage can be monitored

controlled and reported providing

transparency for both the provider and

consumer of the service

now what this means is that cloud

computing resource usage is metered and

you can pay accordingly for what you've used

used

resource utilization

can be optimized by leveraging

pay-per-use capabilities

and this means that cloud resource usage

whether they are instances that are running

running

cloud storage or bandwidth it all gets

monitored measured and reported by the

cloud service provider the cost model is

based on

pay for what you use and so the payment

is based on the actual consumption

by the customer

so knowing these key characteristics of

cloud computing along with their benefits

benefits

i personally find can really give you a

leg up on the exam

as well as speaking to others in your

day-to-day role

as more and more companies start moving

to cloud i hope this lesson has

explained to you on what is cloud

computing and the benefits it provides

so that's all i have for this lesson

so you can now mark this lesson as

complete and let's move on to the next one

welcome back

in this lesson i wanted to go over the

four common cloud deployment models and

distinguish the differences between

public cloud multi-cloud

multi-cloud

private cloud and hybrid cloud

deployment models

this is a common subject that comes up a

fair amount in the exam

as well as a common theme in any

organization moving to cloud knowing the

distinctions between them can be

critical to the types of architecture

and services that you would use for the

specific scenario you are given

as well as being able to speak to the

different types of deployment models as

an engineer in the field getting back to

the deployment models let's start with

the public cloud model which we touched

on a bit in our last lesson

now the public cloud is defined as

computing services offered by

third-party providers

over the public internet

making them available to anyone who

wants to use or purchase them so this

means that google cloud will fall under

this category as a public cloud

there are also other vendors that fall

under this category such as aws and azure

azure

so again public cloud is a cloud that is

offered over the public internet

now public clouds can also be connected

and used together within a single

environment for various use cases

this cloud deployment model is called multi-cloud

multi-cloud

now a multi-cloud implementation can be

extremely effective if architected in

the right way

one implementation that is an effective

use of multi-cloud is when it is used

for disaster recovery this is where your

architecture would be replicated across

the different public clouds in case one

were to go down

another could pick up the slack what

drives many cases of a multi-cloud deployment

deployment

is to prevent vendor lock-in where you

are locked into a particular cloud

provider's infrastructure and unable to

move due to the vendor-specific feature

set the main downfall to this type of

architecture is that the infrastructure

of the public cloud that you're using

cannot be fully utilized

as each cloud vendor has their own

proprietary resources that will only

work in their specific infrastructure in

other words

in order to replicate the environment it

needs to be the same within each cloud

this removes each cloud's unique

features which is what makes them so

special and the resources so compelling

so sometimes finding the right strategy

can be tricky depending on the scenario

now the next deployment model i wanted

to touch on is private cloud private

cloud refers to your architecture that

exists on premise

and restricted to the business itself

with no public access

yet it still carries the same five

characteristics that we discussed with

regards to what defines cloud each of

the major cloud providers shown here

all have their own flavor of private

cloud that can be implemented on site

google cloud has anthos aws

aws

has aws outposts

and azures is azure stack

they show the same characteristic

and leverage similar technologies that

can be found in the vendor's public

cloud yet can be installed on your own

on-premise infrastructure please be aware

aware

any organizations may have a vmware

implementation which holds cloud-like

features yet this is not considered a

private cloud

true private cloud will always meet the

characteristics that make up cloud now

it is possible to use private cloud with

public cloud

and this implementation is called hybrid cloud

cloud

so hybrid cloud is when you are using

public cloud in conjunction with private

cloud as a single system a common

architecture used is due to compliance

where one cloud could help organizations

achieve specific governance

risk management and compliance

regulations while the other cloud could

take over the rest

now i'd really like to make an important

distinction here

if your on-premise infrastructure is

connected to public cloud this is not

considered hybrid cloud this is what's

known as hybrid environment or a hybrid

network as the on-premises

infrastructure holds no private cloud

characteristics true hybrid cloud allows

you to use the exact same interface and

tooling as what's available in the

public cloud so being aware of this can

avoid a lot of confusion down the road

so to sum up everything that we

discussed when it comes to public cloud

this is when one cloud provided by one

vendor that is available over the public internet

internet

multi-cloud is two or more public clouds

that are connected together to be used

as a single system a private cloud

is considered an on-premises cloud that

follows the five characteristics of cloud

cloud

and is restricted to the one

organization with no accessibility to

the public and finally hybrid cloud

is private cloud connected to a public cloud

cloud

and being used as a single environment

again as a note

on-premises architecture connected to

public cloud is considered a hybrid

environment and not hybrid cloud

the distinction between the two

are very different and should be

observed carefully as gotchas may come

up in both the exam

and in your role as an engineer so these

are all the different cloud deployment

models which will help you distinguish

on what type of architecture you will be using in any scenario that you are given

using in any scenario that you are given and so this is all i wanted to cover

and so this is all i wanted to cover when it comes to cloud deployment models

when it comes to cloud deployment models so you can now mark this lesson as

so you can now mark this lesson as complete

complete and let's move on to the next one

welcome back so to finish up the nist definition of

so to finish up the nist definition of cloud computing i wanted to touch on

cloud computing i wanted to touch on cloud service models which is commonly

cloud service models which is commonly referred to as zas

referred to as zas now this model is usually called zas or

now this model is usually called zas or xaas

xaas standing for anything as a service it

standing for anything as a service it includes all the services in a cloud

includes all the services in a cloud that customers can consume and x can be

that customers can consume and x can be changed to associate with the specific

changed to associate with the specific service

service so in order to describe the cloud

so in order to describe the cloud service models i needed to touch on some

service models i needed to touch on some concepts that you may or may not be

concepts that you may or may not be familiar with this will make

familiar with this will make understanding the service models a

understanding the service models a little bit easier as i go through the

little bit easier as i go through the course and describe the services

course and describe the services available and how they relate to the

available and how they relate to the model this lesson will make so much

model this lesson will make so much sense by the end

sense by the end it'll make the services in cloud easier

it'll make the services in cloud easier to both describe and define

to both describe and define now when it comes to deploying an

now when it comes to deploying an application they are deployed in an

application they are deployed in an infrastructure stack

infrastructure stack like the one you see here

like the one you see here now a stack is a collection of needed

now a stack is a collection of needed infrastructure that the application

infrastructure that the application needs to run on it is layered and each

needs to run on it is layered and each layer builds on top of the one previous

layer builds on top of the one previous to it to create what it is that you see

to it to create what it is that you see here now as you can see at the top this

here now as you can see at the top this is a traditional on-premises

is a traditional on-premises infrastructure stack that was typically

infrastructure stack that was typically used pre-cloud now in this traditional

used pre-cloud now in this traditional model

model all the components are managed by the

all the components are managed by the customer the purchasing of the data

customer the purchasing of the data center and all the network and storage

center and all the network and storage involved the physical servers the

involved the physical servers the virtualization the licensing for the

virtualization the licensing for the operating systems the staff that's

operating systems the staff that's needed to put it all together

needed to put it all together including racking stacking cabling

including racking stacking cabling physical security was also something

physical security was also something that needed to be taken into

that needed to be taken into consideration in other words for the

consideration in other words for the organization to put this together by

organization to put this together by themselves they were looking at huge

themselves they were looking at huge costs

costs now the advantages to this is that it

now the advantages to this is that it allowed for major flexibility as the

allowed for major flexibility as the organization is able to tune this any

organization is able to tune this any way they want to satisfy the application

way they want to satisfy the application compliance standards

compliance standards basically anything that they wanted now

basically anything that they wanted now when talking about the cloud service

when talking about the cloud service model concepts

model concepts parts are always managed by you and

parts are always managed by you and parts are managed by the vendor now

parts are managed by the vendor now another concept i wanted to touch on is

another concept i wanted to touch on is that unit of consumption is how the

that unit of consumption is how the vendor prices what they are serving to

vendor prices what they are serving to their customer now just before cloud

their customer now just before cloud became big in the market there was a

became big in the market there was a model where the data center was hosted

model where the data center was hosted for you so a vendor would come along and

for you so a vendor would come along and they would take care of everything with

they would take care of everything with regards to the data center

regards to the data center the racks

the racks the power to the racks the air

the power to the racks the air conditioning

conditioning the networking cables out of the

the networking cables out of the building and even the physical security

building and even the physical security and so the unit of consumption here was

and so the unit of consumption here was the rack space within the data center so

the rack space within the data center so the vendor would charge you for the rack

the vendor would charge you for the rack space and in turn they would take care

space and in turn they would take care of all the necessities within the data

of all the necessities within the data center now this is less flexible than

center now this is less flexible than the traditional on-premises model but

the traditional on-premises model but the data center is abstracted for you so

the data center is abstracted for you so throughout this lesson i wanted to

throughout this lesson i wanted to introduce a concept that might make

introduce a concept that might make things easier to grasp which is the

things easier to grasp which is the pizza as a service so now the

pizza as a service so now the traditional on-premises model

traditional on-premises model is where you would buy everything and

is where you would buy everything and make the pizza at home

make the pizza at home now as we go on in the lesson

now as we go on in the lesson less flexibility will be available

less flexibility will be available because more layers will be abstracted

because more layers will be abstracted so the next service model that i wanted

so the next service model that i wanted to introduce is infrastructure as a

to introduce is infrastructure as a service

service or i as for short this is where all the

or i as for short this is where all the layers from the data center up to

layers from the data center up to virtualization is taken care of by the

virtualization is taken care of by the vendor this is the most basic model

vendor this is the most basic model which is essentially your virtual

which is essentially your virtual machines in a cloud data center

machines in a cloud data center you set up configure

you set up configure and manage instances that run in the

and manage instances that run in the data center infrastructure and you put

data center infrastructure and you put whatever you want on them on google

whatever you want on them on google cloud google compute engine would

cloud google compute engine would satisfy this model and so the unit of

satisfy this model and so the unit of consumption here would be the operating

consumption here would be the operating system as you would manage all the

system as you would manage all the operating system updates and everything

operating system updates and everything that you decide to put on that instance

that you decide to put on that instance but as you can see here you are still

but as you can see here you are still responsible for the container the run

responsible for the container the run time the data and the application layers

time the data and the application layers now bringing up the pizza as a service

now bringing up the pizza as a service model is would be you picking up the

model is would be you picking up the pizza and you cooking it at home moving

pizza and you cooking it at home moving on to platform as a service or paz for

on to platform as a service or paz for short this is a model that is geared

short this is a model that is geared more towards developers and with pass

more towards developers and with pass the cloud provider provides a computing

the cloud provider provides a computing platform typically

platform typically including the operating system the

including the operating system the programming language execution

programming language execution environment the database and the web

environment the database and the web server now typically with pass you never

server now typically with pass you never have to worry about the operating system

have to worry about the operating system updates or managing the runtime and

updates or managing the runtime and middleware and so the unit of

middleware and so the unit of consumption here would be the runtime

consumption here would be the runtime now the runtime layer would be the layer

now the runtime layer would be the layer you would consume as you would be

you would consume as you would be running your code in the supplied

running your code in the supplied runtime environment that the cloud

runtime environment that the cloud vendor provides for you the provider

vendor provides for you the provider manages the hardware and software

manages the hardware and software infrastructure and you just use the

infrastructure and you just use the service this is usually the layer on top

service this is usually the layer on top of is and so all the layers between the

of is and so all the layers between the data center and runtime is taken care of

data center and runtime is taken care of by the vendor a great example of this

by the vendor a great example of this for google cloud is google app engine

for google cloud is google app engine which we will be diving into a little

which we will be diving into a little bit later getting back to the pizza as a

bit later getting back to the pizza as a service model

service model pass would fall under the pizza being

pass would fall under the pizza being delivered right to your door

delivered right to your door now with the past model explained i want

now with the past model explained i want to move into the last model which is sas

to move into the last model which is sas which stands for software as a service

which stands for software as a service now with sas all the layers are taken

now with sas all the layers are taken care of by the vendor so users are

care of by the vendor so users are provided access to application software

provided access to application software and cloud providers manage the

and cloud providers manage the infrastructure and platforms that run

infrastructure and platforms that run the applications g suite and microsoft's

the applications g suite and microsoft's office 365 are great examples of this

office 365 are great examples of this model now sas doesn't offer much

model now sas doesn't offer much flexibility but the trade-off is that

flexibility but the trade-off is that the vendor actually takes care of all

the vendor actually takes care of all these layers so again the unit of

these layers so again the unit of consumption here is the application

consumption here is the application itself and of course getting to the

itself and of course getting to the pizza as a service model sas

pizza as a service model sas is pretty much dining in the restaurant

is pretty much dining in the restaurant enjoying your pizza now to summarize

enjoying your pizza now to summarize when you have a data center on site you

when you have a data center on site you manage everything

manage everything when it's infrastructure as a service

when it's infrastructure as a service part of that stack is abstracted by the

part of that stack is abstracted by the cloud vendor with platform as a service

cloud vendor with platform as a service you're responsible for the application

you're responsible for the application and data

and data everything else is abstracted by the

everything else is abstracted by the vendor with software as a service again

vendor with software as a service again using the pizza as a service analogy on

using the pizza as a service analogy on premise you buy everything and you make

premise you buy everything and you make the pizza at home infrastructure as a

the pizza at home infrastructure as a service

service you pick up the pizza and you cook it at

you pick up the pizza and you cook it at home when it comes to platform as a

home when it comes to platform as a service the pizza is delivered

service the pizza is delivered and of course software as a service is

and of course software as a service is dining in the restaurant now there will

dining in the restaurant now there will be some other service models coming up

be some other service models coming up in this course such as function as a

in this course such as function as a service and containers as a service and

service and containers as a service and don't worry i'll be getting into those

don't worry i'll be getting into those later but i just wanted to give you a

later but i just wanted to give you a heads up so now for some of you this may

heads up so now for some of you this may have been a lot of information to take

have been a lot of information to take in but trust me

in but trust me knowing these models will give you a

knowing these models will give you a better understanding of the services

better understanding of the services provided in google cloud as well as any

provided in google cloud as well as any other cloud vendor so that's all i

other cloud vendor so that's all i wanted to cover in this lesson so you

wanted to cover in this lesson so you can now mark this lesson as complete and

can now mark this lesson as complete and let's move on to the next one

welcome back in this lesson i wanted to discuss google cloud global

discuss google cloud global infrastructure how data centers are

infrastructure how data centers are connected how traffic flows when a

connected how traffic flows when a request is done

request is done along with the overall structure of how

along with the overall structure of how google cloud geographic locations are

google cloud geographic locations are divided for better availability

divided for better availability durability and latency

durability and latency now google holds a highly provisioned

now google holds a highly provisioned low latency network where your traffic

low latency network where your traffic stays on google's private backbone for

stays on google's private backbone for most of its journey ensuring high

most of its journey ensuring high performance and a user experience that

performance and a user experience that is always above the norm google cloud

is always above the norm google cloud has been designed to serve users all

has been designed to serve users all around the world by designing their

around the world by designing their infrastructure with redundant cloud

infrastructure with redundant cloud regions connected with high bandwidth

regions connected with high bandwidth fiber cables as well as subsea cables

fiber cables as well as subsea cables connecting different continents

connecting different continents currently google has invested in 13

currently google has invested in 13 subsea cables connecting these

subsea cables connecting these continents at points of presence as you

continents at points of presence as you see here in this diagram hundreds of

see here in this diagram hundreds of thousands of miles of fiber cables have

thousands of miles of fiber cables have also been laid to connect points of

also been laid to connect points of presence for direct connectivity

presence for direct connectivity privacy and reduced latency

privacy and reduced latency just to give you an idea of what a

just to give you an idea of what a subsea cable run might look like i have

subsea cable run might look like i have included a diagram of how dedicated

included a diagram of how dedicated google is to their customers as there is

google is to their customers as there is so much that goes into running these

so much that goes into running these cables that connect continents as you

cables that connect continents as you can see here this is the north virginia

can see here this is the north virginia region being connected to the belgium

region being connected to the belgium region from the u.s over to europe a

region from the u.s over to europe a cable is run from the north virginia

cable is run from the north virginia data center as well as having a point of

data center as well as having a point of presence in place

presence in place going through a landing station before

going through a landing station before going deep into the sea on the other

going deep into the sea on the other side the landing station on the french

side the landing station on the french west coast

west coast picks up the other side of the cable and

picks up the other side of the cable and brings it over to the data center in the

brings it over to the data center in the belgium region and this is a typical

belgium region and this is a typical subsea cable run for google so

subsea cable run for google so continents are connected for maximum

continents are connected for maximum global connectivity

global connectivity now at the time of recording this video

now at the time of recording this video google cloud footprint spans 24 regions

google cloud footprint spans 24 regions 73 zones and over

73 zones and over 144 points of presence across more than

144 points of presence across more than 200 countries and territories worldwide

200 countries and territories worldwide and as you can see here the white dots

and as you can see here the white dots on the map are regions that are

on the map are regions that are currently being built to expand their

currently being built to expand their network for wider connectivity now to

network for wider connectivity now to show you how a request is routed through

show you how a request is routed through google's network i thought i would

google's network i thought i would demonstrate this by using tony bowtie

demonstrate this by using tony bowtie now tony makes a request to his database

now tony makes a request to his database in google cloud and google responds to

in google cloud and google responds to tony's request

tony's request from a pop or edge network location that

from a pop or edge network location that will provide the lowest latency this

will provide the lowest latency this point of presence is where isps can

point of presence is where isps can connect to google's network google's

connect to google's network google's edge network receives tony's request and

edge network receives tony's request and passes it to the nearest google data

passes it to the nearest google data center over its private fiber network

center over its private fiber network the data center generates a response

the data center generates a response that's optimized to provide the best

that's optimized to provide the best experience for tony at that given moment

experience for tony at that given moment in time the app or browser that tony is

in time the app or browser that tony is using retrieves the requested content

using retrieves the requested content with a response back from various google

with a response back from various google locations including the google data

locations including the google data centers edge pops and edge nodes

centers edge pops and edge nodes whichever is providing the lowest

whichever is providing the lowest latency this data path happens in a

latency this data path happens in a matter of seconds and due to google's

matter of seconds and due to google's global infrastructure it travels

global infrastructure it travels securely and with the least amount of

securely and with the least amount of latency possible

latency possible no matter the geographic location that

no matter the geographic location that the request is coming from

the request is coming from now i wanted to take a moment to break

now i wanted to take a moment to break down how the geographic areas are broken

down how the geographic areas are broken out and organized in google cloud

out and organized in google cloud we start off with the geographic

we start off with the geographic location such as the united states of

location such as the united states of america and it's broken down into

america and it's broken down into multi-region into regions and finally

multi-region into regions and finally zones and so to start off with i wanted

zones and so to start off with i wanted to talk about zones now a zone is a

to talk about zones now a zone is a deployment area for google cloud

deployment area for google cloud resources within a region a zone is the

resources within a region a zone is the smallest entity in google's global

smallest entity in google's global network you can think of it as a single

network you can think of it as a single failure domain within a region now as a

failure domain within a region now as a best practice resources should always be

best practice resources should always be deployed

deployed in zones that are closest to your users

in zones that are closest to your users for optimal latency

for optimal latency now next up we have a region

now next up we have a region and regions are independent geographic

and regions are independent geographic areas that are subdivided into zones so

areas that are subdivided into zones so you can think of a region as a

you can think of a region as a collection of zones and having a region

collection of zones and having a region with multiple zones is designed for

with multiple zones is designed for fault tolerance and high availability

fault tolerance and high availability the intercommunication between zones

the intercommunication between zones within a region is under five

within a region is under five milliseconds so rest assured that your

milliseconds so rest assured that your data is always traveling at optimal

data is always traveling at optimal speeds

speeds now moving on into a multi-region

now moving on into a multi-region now multi-regions are large geographic

now multi-regions are large geographic areas that contain two or more regions

areas that contain two or more regions and this allows google services to

and this allows google services to maximize redundancy and distribution

maximize redundancy and distribution within and across regions

within and across regions and this is for google redundancy or

and this is for google redundancy or high availability having your data

high availability having your data spread across multiple regions

spread across multiple regions always reassures that your data is

always reassures that your data is constantly available

constantly available and so that covers all the concepts that

and so that covers all the concepts that i wanted to go over when it comes to

i wanted to go over when it comes to geography and regions within google

geography and regions within google cloud

cloud note that the geography and regions

note that the geography and regions concepts are fundamental not only for

concepts are fundamental not only for the exam but for your day-to-day role in

the exam but for your day-to-day role in google cloud

google cloud so just as a recap a zone is a

so just as a recap a zone is a deployment area for google cloud

deployment area for google cloud resources within a region a zone is the

resources within a region a zone is the smallest entity of google's global

smallest entity of google's global infrastructure now a region is an

infrastructure now a region is an independent geographic area that are

independent geographic area that are subdivided into zones and finally when

subdivided into zones and finally when it comes to multi-region

it comes to multi-region multi-regions are large geographic areas

multi-regions are large geographic areas that contains two or more regions

that contains two or more regions again

again these are all fundamental concepts that

these are all fundamental concepts that you should know for the exam and for

you should know for the exam and for your day-to-day role in google cloud and

your day-to-day role in google cloud and so that's all i had for this lesson so

so that's all i had for this lesson so you can now mark this lesson as complete

you can now mark this lesson as complete and let's move on to the next one

and let's move on to the next one [Music]

[Music] welcome back

welcome back this lesson is going to be an overview

this lesson is going to be an overview of all the compute service options that

of all the compute service options that are available in google cloud

are available in google cloud how they differ from each other

how they differ from each other and where they fall under the cloud

and where they fall under the cloud service model again this lesson is just

service model again this lesson is just an overview of the compute options as we

an overview of the compute options as we will be diving deeper into each compute

will be diving deeper into each compute option

option later on in this course so google cloud

later on in this course so google cloud gives you so many options when it comes

gives you so many options when it comes to compute services ones that offer

to compute services ones that offer complete control and flexibility others

complete control and flexibility others that offer flexible container technology

that offer flexible container technology managed application platform and

managed application platform and serverless environments and so when we

serverless environments and so when we take all of these compute options and we

take all of these compute options and we look at it from a service model

look at it from a service model perspective you can see that there's so

perspective you can see that there's so much flexibility starting here on the

much flexibility starting here on the left with infrastructure as a service

left with infrastructure as a service giving you the most optimal flexibility

giving you the most optimal flexibility moving all the way over to the right

moving all the way over to the right where we have function as a service

where we have function as a service offering less flexibility but the upside

offering less flexibility but the upside being less that you have to manage and

being less that you have to manage and we'll be going through these compute

we'll be going through these compute options starting on the left here with

options starting on the left here with infrastructure as a service we have

infrastructure as a service we have compute engine now compute engine is

compute engine now compute engine is google's staple infrastructure the

google's staple infrastructure the service product that offers virtual

service product that offers virtual machines or vms called instances these

machines or vms called instances these instances can be deployed in any region

instances can be deployed in any region or zone that you choose you also have

or zone that you choose you also have the option of deciding what operating

the option of deciding what operating system you want on it as well as the

system you want on it as well as the software so you have the option of

software so you have the option of installing different types of flavors of

installing different types of flavors of linux or windows and the software to go

linux or windows and the software to go with it google also gives you the

with it google also gives you the options of creating these instances

options of creating these instances using public or private images

using public or private images so if you or your company have a private

so if you or your company have a private image that you'd like to use you can use

image that you'd like to use you can use this to create your instances google

this to create your instances google also gives you the option to use public

also gives you the option to use public images to create instances and are

images to create instances and are available when you launch compute engine

available when you launch compute engine as well there are also pre-configured

as well there are also pre-configured images and software packages available

images and software packages available in the google cloud marketplace and we

in the google cloud marketplace and we will be diving a little bit deeper into

will be diving a little bit deeper into the google cloud marketplace in another

the google cloud marketplace in another lesson just know that there are slew of

lesson just know that there are slew of images out there that's available to

images out there that's available to create instances giving you the ease to

create instances giving you the ease to deploy now when it comes to compute

deploy now when it comes to compute engine and you're managing multiple

engine and you're managing multiple instances these are done using instance

instances these are done using instance groups

groups and when you're looking at adding or

and when you're looking at adding or removing capacity for those compute

removing capacity for those compute engine instances automatically you would

engine instances automatically you would use auto scaling in conjunction with

use auto scaling in conjunction with those instance groups compute engine

those instance groups compute engine also gives you the option of attaching

also gives you the option of attaching and detaching disks as you need them as

and detaching disks as you need them as well google cloud storage can be used in

well google cloud storage can be used in conjunction with compute engine as

conjunction with compute engine as another storage option and when

another storage option and when connecting directly to compute engine

connecting directly to compute engine google gives you the option of using ssh

google gives you the option of using ssh to securely connect to it so moving on

to securely connect to it so moving on to the next compute service option

to the next compute service option we have google kubernetes engine also

we have google kubernetes engine also known as gke

known as gke now gke

now gke is google's flagship container

is google's flagship container orchestration system

orchestration system for automating

for automating deploying

deploying scaling and managing containers

scaling and managing containers gke is also built on the same open

gke is also built on the same open source kubernetes project that was

source kubernetes project that was introduced by google to the public back

introduced by google to the public back in 2014

in 2014 now before google made kubernetes a

now before google made kubernetes a managed service there was many that

managed service there was many that decided to build kubernetes on premise

decided to build kubernetes on premise in their data centers and because it is

in their data centers and because it is built on the same platform

built on the same platform gke

gke offers the flexibility of integrating

offers the flexibility of integrating with these on-premise kubernetes

with these on-premise kubernetes deployments now under the hood gke uses

deployments now under the hood gke uses compute engine instances as nodes in a

compute engine instances as nodes in a cluster and as a quick note a cluster is

cluster and as a quick note a cluster is a group of nodes or compute engine

a group of nodes or compute engine instances and again we'll be going over

instances and again we'll be going over all this in much greater detail in a

all this in much greater detail in a different lesson so if you haven't

different lesson so if you haven't already figured it out google kubernetes

already figured it out google kubernetes engine is considered container as a

engine is considered container as a service now the next compute service

service now the next compute service option that i wanted to go over

option that i wanted to go over that falls under platform as a service

that falls under platform as a service is app engine

is app engine now app engine is a fully managed

now app engine is a fully managed serverless platform for developing and

serverless platform for developing and hosting web applications at scale now

hosting web applications at scale now with app engine google handles most of

with app engine google handles most of the management of the resources for you

the management of the resources for you for example if your application requires

for example if your application requires more computing resources because traffic

more computing resources because traffic to your website increases google

to your website increases google automatically scales the system to

automatically scales the system to provide these resources if the system

provide these resources if the system software needs a security update as well

software needs a security update as well that's handled for you too and so all

that's handled for you too and so all you need to really take care of is your

you need to really take care of is your application

application and you can build your application in

and you can build your application in your favorite language go java.net and

your favorite language go java.net and many others

many others and you can use both pre-configured

and you can use both pre-configured runtimes or use custom runtimes to allow

runtimes or use custom runtimes to allow you to write the code in any language

you to write the code in any language app engine also allows you to connect

app engine also allows you to connect with google cloud storage products and

with google cloud storage products and databases seamlessly app engine also

databases seamlessly app engine also offers the flexibility of connecting

offers the flexibility of connecting with third-party databases as well as

with third-party databases as well as other cloud providers and third-party

other cloud providers and third-party vendors app engine also integrates with

vendors app engine also integrates with a well-known security product in google

a well-known security product in google cloud called web security scanner as to

cloud called web security scanner as to identify security vulnerabilities and so

identify security vulnerabilities and so that covers app engine in a nutshell

that covers app engine in a nutshell moving on to the next compute service

moving on to the next compute service option

option we have cloud functions and cloud

we have cloud functions and cloud functions fall under function as a

functions fall under function as a service this is a serverless execution

service this is a serverless execution environment

environment for building and connecting cloud

for building and connecting cloud services with cloud functions you write

services with cloud functions you write simple single purpose functions that are

simple single purpose functions that are attached to events

attached to events that are produced from your

that are produced from your infrastructure and services in google

infrastructure and services in google cloud your function is triggered when an

cloud your function is triggered when an event being watched is fired your code

event being watched is fired your code then executes in a fully managed

then executes in a fully managed environment there is no need to

environment there is no need to provision any infrastructure or worry

provision any infrastructure or worry about managing any servers and cloud

about managing any servers and cloud functions can be written using

functions can be written using javascript python 3

javascript python 3 go or java runtimes so you can take your

go or java runtimes so you can take your function and run it in any of these

function and run it in any of these standard environments which makes it

standard environments which makes it extremely portable now cloud functions

extremely portable now cloud functions are a good choice for use cases that

are a good choice for use cases that include the following

include the following data processing or etl operations such

data processing or etl operations such as video transcoding and iot streaming

as video transcoding and iot streaming data web hooks that respond to http

data web hooks that respond to http triggers

triggers lightweight apis that compose loosely

lightweight apis that compose loosely coupled logic into applications as well

coupled logic into applications as well as mobile back-end functions

as mobile back-end functions again cloud functions are considered

again cloud functions are considered function as a service and so that covers

function as a service and so that covers cloud functions

cloud functions now moving to the far right of the

now moving to the far right of the screen on the other side of the arrow we

screen on the other side of the arrow we have our last compute service option

have our last compute service option which is cloud run now cloud run is a

which is cloud run now cloud run is a fully managed compute platform for

fully managed compute platform for deploying and scaling containerized

deploying and scaling containerized applications quickly and securely

applications quickly and securely cloudrun was built on an open standard

cloudrun was built on an open standard called k native and this enabled the

called k native and this enabled the portability of any applications that

portability of any applications that were built on it cloudrun also abstracts

were built on it cloudrun also abstracts away all the infrastructure management

away all the infrastructure management by automatically scaling up and down

by automatically scaling up and down almost instantaneously depending on the

almost instantaneously depending on the traffic now cloud run was google's

traffic now cloud run was google's response to abstracting all the

response to abstracting all the infrastructure that was designed to run

infrastructure that was designed to run containers and so this is known as

containers and so this is known as serverless for containers cloudrun has

serverless for containers cloudrun has massive flexibility as you can write it

massive flexibility as you can write it in any language

in any language any library using any binary this

any library using any binary this compute service is considered a function

compute service is considered a function as a service now at the time of

as a service now at the time of recording this video i have not heard of

recording this video i have not heard of cloud cloudrun being in the exam but

cloud cloudrun being in the exam but since it is a compute service option i

since it is a compute service option i felt the need for cloudrun to have an

felt the need for cloudrun to have an honorable mention and so these are all

honorable mention and so these are all the compute service options that are

the compute service options that are available on google cloud and we will be

available on google cloud and we will be diving deeper into each one of these

diving deeper into each one of these later on in this course

later on in this course again this is just an overview of all

again this is just an overview of all the compute service options that are

the compute service options that are available on the google cloud platform

available on the google cloud platform and so that's all i wanted to cover for

and so that's all i wanted to cover for this lesson

this lesson so you can now mark this lesson as

so you can now mark this lesson as complete and let's move on to the next

complete and let's move on to the next one

one [Music]

[Music] welcome back

welcome back now in the last lesson i covered all the

now in the last lesson i covered all the different options for compute services

different options for compute services in this lesson we're going to cover the

in this lesson we're going to cover the options that are available that couple

options that are available that couple well with these compute services by

well with these compute services by diving deeper into the different storage

diving deeper into the different storage types and the different databases

types and the different databases available on google cloud again this is

available on google cloud again this is strictly an overview as i will be diving

strictly an overview as i will be diving deeper into these services later on in

deeper into these services later on in the course

the course now when it comes to storage options

now when it comes to storage options there are three services that are

there are three services that are readily available to you in google cloud

readily available to you in google cloud each of them have their own specific use

each of them have their own specific use case that i will be diving into in just

case that i will be diving into in just a second

a second the first one i wanted to go over is

the first one i wanted to go over is cloud storage

cloud storage now with cloud storage this is google's

now with cloud storage this is google's consistent scalable

consistent scalable large capacity and highly durable object

large capacity and highly durable object storage

storage so when i refer to object storage this

so when i refer to object storage this is not the type of storage that you

is not the type of storage that you would attach to your instance and store

would attach to your instance and store your operating system on i'm talking

your operating system on i'm talking about managing data as objects such as

about managing data as objects such as documents or pictures and shouldn't be

documents or pictures and shouldn't be confused with block storage which

confused with block storage which manages data at a more granular level

manages data at a more granular level such as an operating system not to worry

such as an operating system not to worry if you fully don't grasp the concept of

if you fully don't grasp the concept of object storage i will be going into

object storage i will be going into further detail with that

further detail with that later on in the cloud storage lesson

later on in the cloud storage lesson cloud storage has 11 9's durability and

cloud storage has 11 9's durability and what i mean by durability is basically

what i mean by durability is basically loss of files so just to give you a

loss of files so just to give you a better picture on cloud storage

better picture on cloud storage durability if you store 1 million files

durability if you store 1 million files statistically google would lose one file

statistically google would lose one file every 659

every 659 000 years and you are about over 400

000 years and you are about over 400 times more likely to get hit by a meteor

times more likely to get hit by a meteor than to actually lose a file so as you

than to actually lose a file so as you can see cloud storage is a very good

can see cloud storage is a very good place to be storing your files another

place to be storing your files another great feature on cloud storage is the

great feature on cloud storage is the unlimited storage that it has with no

unlimited storage that it has with no minimum object size so feel free to

minimum object size so feel free to continuously put files in cloud storage

continuously put files in cloud storage now when it comes to use cases cloud

now when it comes to use cases cloud storage is fantastic for content

storage is fantastic for content delivery data lakes and backups and to

delivery data lakes and backups and to make cloud storage even more flexible it

make cloud storage even more flexible it is available in different storage

is available in different storage classes and availability which i will be

classes and availability which i will be going over in just a second now when it

going over in just a second now when it comes to these different storage classes

comes to these different storage classes there are four different classes that

there are four different classes that you can choose from the first one is the

you can choose from the first one is the standard storage class and this storage

standard storage class and this storage class offers the maximum availability

class offers the maximum availability with your data with absolutely no

with your data with absolutely no limitations this is great for storage

limitations this is great for storage that you access all the time the next

that you access all the time the next storage class is near line and this is

storage class is near line and this is low-cost archival storage so this

low-cost archival storage so this storage class is cheaper than standard

storage class is cheaper than standard and is designed for storage that only

and is designed for storage that only needs to be accessed less than once a

needs to be accessed less than once a month and if you're looking for an even

month and if you're looking for an even more cost effective solution cloud

more cost effective solution cloud storage has cold line storage class

storage has cold line storage class which is an even lower cost archival

which is an even lower cost archival storage solution this storage class is

storage solution this storage class is designed for storage that only needs to

designed for storage that only needs to be accessed less than once every quarter

be accessed less than once every quarter and just when you thought that the

and just when you thought that the prices couldn't get lower than cold line

prices couldn't get lower than cold line cloud storage has offered another

cloud storage has offered another storage class called archive and this is

storage class called archive and this is the lowest cost archival storage which

the lowest cost archival storage which offers storage at a fraction of a penny

offers storage at a fraction of a penny per gigabyte but is designed for

per gigabyte but is designed for archival or backup use that is accessed

archival or backup use that is accessed less than once a year now when it comes

less than once a year now when it comes to cloud storage availability there are

to cloud storage availability there are three options that are available

three options that are available there is region dual region and

there is region dual region and multi-region region is designed to store

multi-region region is designed to store your data in one single region dual

your data in one single region dual region is exactly how it sounds which is

region is exactly how it sounds which is a pair of regions now in multiregion

a pair of regions now in multiregion cloud storage stores your data over a

cloud storage stores your data over a large geographic area consisting of many

large geographic area consisting of many different regions across that same

different regions across that same selected geographic area and so that

selected geographic area and so that about covers cloud storage as a storage

about covers cloud storage as a storage option the next storage option that i

option the next storage option that i wanted to talk about is file store

wanted to talk about is file store now file store is a fully managed nfs

now file store is a fully managed nfs file server from google cloud that is

file server from google cloud that is nfs version 3 compliant you can store

nfs version 3 compliant you can store data from running applications from

data from running applications from multiple vm instances and kubernetes

multiple vm instances and kubernetes clusters

clusters accessing the data at the same time file

accessing the data at the same time file store is a great option for when you're

store is a great option for when you're thinking about accessing data from let's

thinking about accessing data from let's say an instance group and you need

say an instance group and you need multiple instances to access the same

multiple instances to access the same data and moving on to the last storage

data and moving on to the last storage option we have persistent disks

option we have persistent disks now with persistent disks this is

now with persistent disks this is durable block storage for instances now

durable block storage for instances now as i explained before block storage is

as i explained before block storage is different than object storage

different than object storage if you remember previously i explained

if you remember previously i explained that object storage is designed to store

that object storage is designed to store objects such as data or photos or videos

objects such as data or photos or videos whereas block storage is raw storage

whereas block storage is raw storage capacity that is used in drives that are

capacity that is used in drives that are connected to an operating system in this

connected to an operating system in this case persistent disks are doing just

case persistent disks are doing just that persistent disks come in two

that persistent disks come in two options

options the first one is the standard option

the first one is the standard option which gives you regular standard storage

which gives you regular standard storage at a reasonable price and the other

at a reasonable price and the other option is solid state or ssd

option is solid state or ssd which gives you lower latency

which gives you lower latency higher iops and is just all around

higher iops and is just all around faster than your standard persistent

faster than your standard persistent disk both of these options are available

disk both of these options are available in zonal and regional options depending

in zonal and regional options depending on what you need for your specific

on what you need for your specific workload so now that i've covered all

workload so now that i've covered all three storage options i wanted to touch

three storage options i wanted to touch into the database options that are

into the database options that are available on google cloud these database

available on google cloud these database options come in both the sql and nosql

options come in both the sql and nosql flavors depending on your use case now

flavors depending on your use case now getting into the options themselves i

getting into the options themselves i wanted to start off going into a little

wanted to start off going into a little bit of detail with the sql relational

bit of detail with the sql relational options so the first option is cloud sql

options so the first option is cloud sql and cloud sql is a fully managed

and cloud sql is a fully managed database service that is offered in

database service that is offered in postgres mysql and sql server flavors

postgres mysql and sql server flavors cloud sql also has the option of being

cloud sql also has the option of being highly available across zones now moving

highly available across zones now moving into cloud spanner this is a scalable

into cloud spanner this is a scalable relational database service that's

relational database service that's highly available not only across zones

highly available not only across zones but across regions and if need be

but across regions and if need be available globally cloud spanner is

available globally cloud spanner is designed to support transactions strong

designed to support transactions strong consistency and synchronous replication

consistency and synchronous replication moving into the nosql options there are

moving into the nosql options there are four available services that google

four available services that google cloud offers moving into the first one

cloud offers moving into the first one is bigtable

is bigtable and bigtable is a fully managed scalable

and bigtable is a fully managed scalable nosql database that has high throughput

nosql database that has high throughput and low latency bigtable also comes with

and low latency bigtable also comes with the flexibility of doing cluster

the flexibility of doing cluster resizing without any downtime the next

resizing without any downtime the next nosql option available is datastore and

nosql option available is datastore and this is google cloud's fast fully

this is google cloud's fast fully managed

managed serverless

serverless nosql document database datastore is

nosql document database datastore is designed for mobile web

designed for mobile web and internet of things applications

and internet of things applications datastore has the capabilities of doing

datastore has the capabilities of doing multi-region replication

multi-region replication as well as acid transactions for those

as well as acid transactions for those of you who don't know i will be covering

of you who don't know i will be covering acid transactions in a later lesson next

acid transactions in a later lesson next up for nosql options is firestore and

up for nosql options is firestore and this is a nosql real-time database

this is a nosql real-time database and is optimized for offline use if

and is optimized for offline use if you're looking to store data in a

you're looking to store data in a database in real time firestore is your

database in real time firestore is your option and like bigtable you can resize

option and like bigtable you can resize the cluster in firestore without any

the cluster in firestore without any downtime and the last nosql option is

downtime and the last nosql option is memorystore and this is google cloud's

memorystore and this is google cloud's highly available

highly available in memory service for redis and

in memory service for redis and memcached this is a fully managed

memcached this is a fully managed service and so google cloud takes care

service and so google cloud takes care of everything for you now i know this

of everything for you now i know this has been a short lesson on storage and

has been a short lesson on storage and database options but a necessary

database options but a necessary overview nonetheless of what's to come

overview nonetheless of what's to come and so that's about all i wanted to

and so that's about all i wanted to cover in this lesson so you can now mark

cover in this lesson so you can now mark this lesson as complete and let's move

this lesson as complete and let's move on to the next one

on to the next one [Music]

[Music] welcome back now while there are some

welcome back now while there are some services in gcp that take care of

services in gcp that take care of networking for you

networking for you there are still others like compute

there are still others like compute engine that give you a bit more

engine that give you a bit more flexibility in the type of networking

flexibility in the type of networking you'd like to establish

you'd like to establish this lesson will go over these

this lesson will go over these networking services at a high level and

networking services at a high level and provide you with strictly an overview to

provide you with strictly an overview to give you an idea on what's available for

give you an idea on what's available for any particular type of scenario when it

any particular type of scenario when it comes to connecting and scaling your

comes to connecting and scaling your network traffic i will be going into

network traffic i will be going into further details

further details on these networking services in later

on these networking services in later lessons now i wanted to start off with

lessons now i wanted to start off with some core networking features for your

some core networking features for your resources and how to govern specific

resources and how to govern specific traffic

traffic traveling to and from your network this

traveling to and from your network this is where networks firewalls and routes

is where networks firewalls and routes come into play so first i wanted to

come into play so first i wanted to start off with virtual private cloud

start off with virtual private cloud also known as vpc now vpc

also known as vpc now vpc manages networking functionality for

manages networking functionality for your google cloud resources

your google cloud resources this is a virtualized network within

this is a virtualized network within google cloud so you can picture it as

google cloud so you can picture it as your virtualized data center vpc is a

your virtualized data center vpc is a core networking service

core networking service and is also a global resource that spans

and is also a global resource that spans throughout all the different regions

throughout all the different regions available in google cloud each vpc

available in google cloud each vpc contains a default network as well

contains a default network as well additional networks can be created in

additional networks can be created in your project but networks cannot be

your project but networks cannot be shared between projects

shared between projects and i'll be going into further depth on

and i'll be going into further depth on vpc in a later lesson so now that we've

vpc in a later lesson so now that we've covered vpc i wanted to get into

covered vpc i wanted to get into firewall rules and routes now firewall

firewall rules and routes now firewall rules segment your networks with a

rules segment your networks with a global distributive firewall to restrict

global distributive firewall to restrict access to resources so this governs

access to resources so this governs traffic coming into instances on a

traffic coming into instances on a network each default network has a

network each default network has a default set of firewall rules that have

default set of firewall rules that have already been established but don't fret

already been established but don't fret you can create your own rules and set

you can create your own rules and set them accordingly depending on your

them accordingly depending on your workload now when it comes to routes

workload now when it comes to routes this specifies how traffic should be

this specifies how traffic should be routed within your vpc to get a little

routed within your vpc to get a little bit more granular routes specify how

bit more granular routes specify how packets leaving an instance should be

packets leaving an instance should be directed so it's a basic way of defining

directed so it's a basic way of defining which way your traffic is going to

which way your traffic is going to travel moving on to the next concept i

travel moving on to the next concept i wanted to cover a little bit about low

wanted to cover a little bit about low balancing and how it distributes

balancing and how it distributes workloads across multiple instances

workloads across multiple instances now we have two different types of load

now we have two different types of load balancing and both these types of load

balancing and both these types of load balancing can be broken down to even a

balancing can be broken down to even a more granular level now when it comes to

more granular level now when it comes to http or https low balancing this is the

http or https low balancing this is the type of load balancing that covers

type of load balancing that covers worldwide auto scaling and load

worldwide auto scaling and load balancing over multiple regions or even

balancing over multiple regions or even a single region on a single global ip

a single region on a single global ip https load balancing distributes traffic

https load balancing distributes traffic across various regions and make sure

across various regions and make sure that the traffic is routed to the

that the traffic is routed to the closest region or in case there's

closest region or in case there's failures amongst instances or in

failures amongst instances or in instances being bombarded with traffic

instances being bombarded with traffic http and https load balancing can route

http and https load balancing can route the traffic to a healthy instance in the

the traffic to a healthy instance in the next closest region another great

next closest region another great feature of this load balancing is that

feature of this load balancing is that it can distribute traffic based on

it can distribute traffic based on content type now when it comes to

content type now when it comes to network load balancing this is a

network load balancing this is a regional load balancer and supports any

regional load balancer and supports any and all ports

and all ports it distributes traffic among server

it distributes traffic among server instances in the same region

instances in the same region based on incoming ip protocol data such

based on incoming ip protocol data such as address port and protocol now when it

as address port and protocol now when it comes to networking

comes to networking dns plays a big part and because dns

dns plays a big part and because dns plays a big part in networking google

plays a big part in networking google has made this service 100 available

has made this service 100 available on top of giving any dns queries the

on top of giving any dns queries the absolute lowest latency with google

absolute lowest latency with google cloud dns you can publish and maintain

cloud dns you can publish and maintain dns records by using the same

dns records by using the same infrastructure that google uses and you

infrastructure that google uses and you can work with your managed zones and dns

can work with your managed zones and dns records such as mx records tax records

records such as mx records tax records cname records and a records and you can

cname records and a records and you can do this all through the cli

do this all through the cli the api

the api or the sdk now some of the advanced

or the sdk now some of the advanced connectivity options that are available

connectivity options that are available in google cloud are cloudvpn and direct

in google cloud are cloudvpn and direct interconnect now cloudvpn connects your

interconnect now cloudvpn connects your existing network whether it be

existing network whether it be on-premise or in another location

on-premise or in another location to your vbc network through an ipsec

to your vbc network through an ipsec connection

connection the traffic is encrypted and travels

the traffic is encrypted and travels between the two networks over the public

between the two networks over the public internet now when it comes to direct

internet now when it comes to direct interconnect this connectivity option

interconnect this connectivity option allows you to connect your existing

allows you to connect your existing network to your vpc network using a

network to your vpc network using a highly available

highly available low latency connection this connectivity

low latency connection this connectivity option does not traverse the public

option does not traverse the public internet and merely connects to google's

internet and merely connects to google's backbone and this is what gives it the

backbone and this is what gives it the highly available low latency connection

highly available low latency connection a couple of other advanced connectivity

a couple of other advanced connectivity options is direct and carrier peering

options is direct and carrier peering these connections allow your traffic to

these connections allow your traffic to flow through google's edge network

flow through google's edge network locations and pairing can be done

locations and pairing can be done directly or it can be done through a

directly or it can be done through a third-party carrier and so although this

third-party carrier and so although this is a very short lesson i will be going

is a very short lesson i will be going into greater depth on all these concepts

into greater depth on all these concepts in later lessons in the course so that's

in later lessons in the course so that's all i had to cover for this lesson so

all i had to cover for this lesson so you can now mark this lesson as complete

you can now mark this lesson as complete and let's move on to the next one

welcome back in this lesson we're going to learn about how resources and

to learn about how resources and entities

entities are organized within google cloud and

are organized within google cloud and how permissions are inherited through

how permissions are inherited through this approach knowing this structure

this approach knowing this structure is a fundamental concept that you should

is a fundamental concept that you should know while working in gcp at any

know while working in gcp at any capacity so before defining what the

capacity so before defining what the resource hierarchy is i'd like to take a

resource hierarchy is i'd like to take a little bit of time to define what is a

little bit of time to define what is a resource now in the context of google

resource now in the context of google cloud a resource can refer to the

cloud a resource can refer to the service level resources that are used to

service level resources that are used to process your workloads such as compute

process your workloads such as compute instance vms

instance vms cloud storage buckets

cloud storage buckets and even cloud sql databases as well as

and even cloud sql databases as well as the account level resources that sit

the account level resources that sit above the services

above the services such as the organization itself

such as the organization itself the folders

the folders and the projects of course which we will

and the projects of course which we will be getting into a little bit deeper in

be getting into a little bit deeper in just a minute

just a minute the resource hierarchy is google's way

the resource hierarchy is google's way to configure and grant access

to configure and grant access to the various cloud resources for your

to the various cloud resources for your company within google cloud both at the

company within google cloud both at the service level

service level and at the account level

and at the account level the resource hierarchy in google cloud

the resource hierarchy in google cloud can truly define the granular

can truly define the granular permissions needed for when you need to

permissions needed for when you need to configure permissions to everyone in the

configure permissions to everyone in the organization that actually makes sense

organization that actually makes sense so now that we covered what is a

so now that we covered what is a resource i wanted to start digging into

resource i wanted to start digging into the resource hierarchy and the structure

the resource hierarchy and the structure itself now google cloud resources are

itself now google cloud resources are organized hierarchically using a

organized hierarchically using a parent-child relationship this hierarchy

parent-child relationship this hierarchy is designed to map an organization's

is designed to map an organization's operational structure to google cloud

operational structure to google cloud and to manage access control and

and to manage access control and permissions for groups of related

permissions for groups of related resources

resources so overall

so overall resource hierarchy will give

resource hierarchy will give organizations better management of

organizations better management of permissions and access control

permissions and access control the accessibility of these resources or

the accessibility of these resources or policies are controlled by identity and

policies are controlled by identity and access management also known as iam a

access management also known as iam a big component of gcp which we will be

big component of gcp which we will be digging into a little bit later on in

digging into a little bit later on in this course and so when an iam policy is

this course and so when an iam policy is set on a parent the child will inherit

set on a parent the child will inherit this policy respectively access control

this policy respectively access control policies and configuration settings on a

policies and configuration settings on a parent resource

parent resource are always inherited by the child also

are always inherited by the child also please note that each child object can

please note that each child object can only have exactly one parent

only have exactly one parent and that these policies are again

and that these policies are again controlled by iam so now to understand a

controlled by iam so now to understand a little bit more about how the gcp

little bit more about how the gcp resource hierarchy works

resource hierarchy works i wanted to dig into the layers that

i wanted to dig into the layers that support this hierarchy

support this hierarchy so this is a diagram of exactly what the

so this is a diagram of exactly what the resource hierarchy looks like in all of

resource hierarchy looks like in all of its awesomeness

its awesomeness including the billing account along with

including the billing account along with the payments profile but we're not going

the payments profile but we're not going to get into that right now i'll actually

to get into that right now i'll actually be covering that in a later lesson so

be covering that in a later lesson so more on that later

more on that later so building the structure from the top

so building the structure from the top down we start off with the domain or

down we start off with the domain or cloud level and as you can see here the

cloud level and as you can see here the domain of bowtieinc.co

domain of bowtieinc.co is at the top

is at the top this is the primary identity of your

this is the primary identity of your organization at the domain level this is

organization at the domain level this is where you manage your users in your

where you manage your users in your organizations

organizations so users policies and these are linked

so users policies and these are linked to g suite or cloud identity accounts

to g suite or cloud identity accounts now underneath the domain level we have

now underneath the domain level we have the organization level and this is

the organization level and this is integrated very closely with the domain

integrated very closely with the domain so with the organization level this

so with the organization level this represents an organization and is the

represents an organization and is the root node of the gcp resource hierarchy

root node of the gcp resource hierarchy it is associated with exactly one domain

it is associated with exactly one domain here we have the domain set as bowtie

here we have the domain set as bowtie inc

inc all entities or resources

all entities or resources belong to and are grouped under the

belong to and are grouped under the organization

organization all controlled policies applied to the

all controlled policies applied to the organization

organization are inherited by all other entities and

are inherited by all other entities and resources underneath it so any folders

resources underneath it so any folders projects or resources will get those

projects or resources will get those policies that are applied from the

policies that are applied from the organization layer now i know that we

organization layer now i know that we haven't dug into roles as of yet

haven't dug into roles as of yet but the one thing that i did want to

but the one thing that i did want to point out is that when an organization

point out is that when an organization is created

is created an organization admin role is created

an organization admin role is created and this is to allow full access to edit

and this is to allow full access to edit any or all resources

any or all resources now moving on to the folders layer this

now moving on to the folders layer this is an additional grouping mechanism and

is an additional grouping mechanism and isolation boundary between each project

isolation boundary between each project in essence

in essence it's a grouping of other folders

it's a grouping of other folders projects and resources so if you have

projects and resources so if you have different departments and teams within a

different departments and teams within a company

company this is a great way to organize it now a

this is a great way to organize it now a couple of caveats when it comes to

couple of caveats when it comes to folders

folders the first one is you must have an

the first one is you must have an organization node and the second one is

organization node and the second one is while a folder can contain multiple

while a folder can contain multiple folders or resources

folders or resources a folder or resource can have exactly

a folder or resource can have exactly one parent

one parent now moving into the projects layer this

now moving into the projects layer this is a core organizational component of

is a core organizational component of google cloud as projects are required to

google cloud as projects are required to use service level resources

use service level resources these projects are the base level

these projects are the base level organizing entity in gcp

organizing entity in gcp and parent all service level resources

and parent all service level resources just as a note

just as a note any given resource can only exist in one

any given resource can only exist in one project and not multiple projects at the

project and not multiple projects at the same time and moving on to the last

same time and moving on to the last layer we have the resources layer and

layer we have the resources layer and this is any service level resource

this is any service level resource created in google cloud

created in google cloud everything from compute engine instances

everything from compute engine instances to cloud storage buckets to cloud sql

to cloud storage buckets to cloud sql databases apis users

databases apis users all these service level resources that

all these service level resources that we create in google cloud fall under

we create in google cloud fall under this layer now giving the hierarchy a

this layer now giving the hierarchy a little bit more context i want to touch

little bit more context i want to touch on labels for just a second

on labels for just a second labels help categorize resources by

labels help categorize resources by using a key value pair and you can

using a key value pair and you can attach them to any resource

attach them to any resource and so what labels help you do is to

and so what labels help you do is to break down and organize costs when it

break down and organize costs when it comes to billing now to give you some

comes to billing now to give you some more structure with regards to the

more structure with regards to the hierarchy

hierarchy under the domain level

under the domain level everything underneath this is considered

everything underneath this is considered a resource

a resource and to break it down even further

and to break it down even further everything you see from the organization

everything you see from the organization layer to the projects layer is

layer to the projects layer is considered an account level resource

considered an account level resource everything in the resource layer is

everything in the resource layer is considered a service level resource and

considered a service level resource and so this is how the google cloud resource

so this is how the google cloud resource hierarchy is split up and organized and

hierarchy is split up and organized and so before i finish off this lesson i

so before i finish off this lesson i wanted to give you a quick run-through

wanted to give you a quick run-through on how policies can be applied at a

on how policies can be applied at a hierarchical level

hierarchical level so i thought i'd bring in tony bowtie

so i thought i'd bring in tony bowtie for a quick demo

for a quick demo so just to give you an example

so just to give you an example tony bowtie is part of department b and

tony bowtie is part of department b and tony's manager lark

tony's manager lark decides to set a policy on department

decides to set a policy on department b's folder and this policy grants

b's folder and this policy grants project owner role to tony at

project owner role to tony at bowtieinc.co so tony will have the

bowtieinc.co so tony will have the project owner role for project x and for

project owner role for project x and for project y at the same time

project y at the same time lark assigns laura at bowtieinc.co

lark assigns laura at bowtieinc.co cloud storage admin role on project x

cloud storage admin role on project x and thus she will only be able to manage

and thus she will only be able to manage cloud storage buckets in that project

cloud storage buckets in that project this hierarchy and permission

this hierarchy and permission inheritance comes up quite a bit not

inheritance comes up quite a bit not only in the exam but is something that

only in the exam but is something that should be carefully examined when

should be carefully examined when applying permissions

applying permissions anywhere within the hierarchy in your

anywhere within the hierarchy in your day-to-day role as an engineer

day-to-day role as an engineer applying permissions or policies to

applying permissions or policies to resources

resources with existing policies

with existing policies may not end up getting you the desired

may not end up getting you the desired results you're looking for and may have

results you're looking for and may have a chance to be overlooked now i hope

a chance to be overlooked now i hope these diagrams have given you some good

these diagrams have given you some good contacts with regards to resource

contacts with regards to resource hierarchy its structure and the

hierarchy its structure and the permissions applied down the chain now

permissions applied down the chain now that's all i have for this lesson on

that's all i have for this lesson on resource hierarchy so you can now mark

resource hierarchy so you can now mark this lesson as complete and let's move

this lesson as complete and let's move on to the next one

on to the next one [Music]

[Music] welcome back

welcome back in this lesson i will be covering a few

in this lesson i will be covering a few different topics that i will touch on

different topics that i will touch on when creating a new google cloud account

when creating a new google cloud account i will be covering going over the free

i will be covering going over the free tier and the always free options the

tier and the always free options the differences between them and a demo

differences between them and a demo showing how you can create your own free

showing how you can create your own free tier account as well i'll also be going

tier account as well i'll also be going into what you will need in order to

into what you will need in order to fulfill this demo so for the remainder

fulfill this demo so for the remainder of this course all the demos will run

of this course all the demos will run under the free tier now when i built

under the free tier now when i built this course i built it with budget in

this course i built it with budget in mind and having viewed on ways where i

mind and having viewed on ways where i can keep the price to a minimum while

can keep the price to a minimum while still keeping the demos extremely useful

still keeping the demos extremely useful and so the free tier falls within all

and so the free tier falls within all these guidelines and will help you learn

these guidelines and will help you learn without the high ticket price and so

without the high ticket price and so getting into a quick overview of the

getting into a quick overview of the differences between the free tier and

differences between the free tier and the always free option i have broken

the always free option i have broken them down here with their most

them down here with their most significant differences in the free tier

significant differences in the free tier google cloud offers you a 12 month free

google cloud offers you a 12 month free trial with a 300

trial with a 300 u.s credit this type of account ends

u.s credit this type of account ends when the credit is used or after the 12

when the credit is used or after the 12 months whichever happens first and so

months whichever happens first and so for those of you who are looking at

for those of you who are looking at taking advantage of this on a business

taking advantage of this on a business level unfortunately the free tier only

level unfortunately the free tier only applies to a personal account and cannot

applies to a personal account and cannot be attached to a business account now

be attached to a business account now moving over to the always free option

moving over to the always free option the always free option isn't a special

the always free option isn't a special program but it's a regular part of your

program but it's a regular part of your google cloud account it provides you

google cloud account it provides you limited access to many of the google

limited access to many of the google cloud resources free of charge and once

cloud resources free of charge and once these limits have been hit

these limits have been hit then you are charged at the regular per

then you are charged at the regular per second billing rate

second billing rate and i will show you a little bit later

and i will show you a little bit later how to monitor these credits so that you

how to monitor these credits so that you don't go over using this in conjunction

don't go over using this in conjunction with the free tier account is not

with the free tier account is not possible you have to have an upgraded

possible you have to have an upgraded billing account which can also include a

billing account which can also include a business account now there are a bunch

business account now there are a bunch more stipulations in this program and i

more stipulations in this program and i will include a link to both of them in

will include a link to both of them in the lesson text below for later viewing

the lesson text below for later viewing at your convenience

at your convenience now lastly before we get into the demo

now lastly before we get into the demo i wanted to go through a quick

i wanted to go through a quick run-through of exactly what's needed to

run-through of exactly what's needed to open up your free tier account

open up your free tier account so we're going to start off with a fresh

so we're going to start off with a fresh new gmail address so that it doesn't

new gmail address so that it doesn't conflict with any current gmail address

conflict with any current gmail address that you may have you're gonna need a

that you may have you're gonna need a credit card for verification and this is

credit card for verification and this is for google to make sure that you're an

for google to make sure that you're an actual human being and not a robot and

actual human being and not a robot and you won't be charged unless you go above

you won't be charged unless you go above the 300 credit limit as well i highly

the 300 credit limit as well i highly recommend going into a private browsing

recommend going into a private browsing session so whether you're using chrome

session so whether you're using chrome you would use an incognito session if

you would use an incognito session if you're using firefox you would use

you're using firefox you would use private browsing and in microsoft edge

private browsing and in microsoft edge you would be using the in private mode

you would be using the in private mode and so in order to start with this free

and so in order to start with this free trial you can head on over to the url

trial you can head on over to the url listed here and i'll also include this

listed here and i'll also include this in the lesson text so head on over to

in the lesson text so head on over to this url and i'll see you there in just

this url and i'll see you there in just a second

a second okay so here we are at the free trial

okay so here we are at the free trial url i'm here in google chrome in an

url i'm here in google chrome in an incognito session and so we're not going

incognito session and so we're not going to sign up we're going to go over here

to sign up we're going to go over here to create account you can just click on

to create account you can just click on create account

create account for myself because as i mentioned

for myself because as i mentioned earlier you're not able to create a free

earlier you're not able to create a free trial account with your business

trial account with your business so i'm going to click on for myself

so i'm going to click on for myself and it's going to bring you to this page

and it's going to bring you to this page where it says create your google account

where it says create your google account and you're going to go to create a new

and you're going to go to create a new gmail address instead

gmail address instead and now you're going to fill in all the

and now you're going to fill in all the necessary information that's needed in

necessary information that's needed in order to open up this new gmail account

once you're finished typing your password you can hit next

password you can hit next and now i got prompted for six digit

and now i got prompted for six digit verification code that i have to plug in

verification code that i have to plug in but in order to do that google needs my

but in order to do that google needs my telephone number so i'm gonna type that

telephone number so i'm gonna type that in now and just to let you know this

in now and just to let you know this verification is done to let google know

verification is done to let google know that you're not a bot and you're a real

that you're not a bot and you're a real human and google just sent me a

human and google just sent me a verification code

verification code and this is a one-time verification code

and this is a one-time verification code that i'm going to plug in

that i'm going to plug in and i'm going to hit verify

and i'm going to hit verify and you can plug in the necessary

and you can plug in the necessary information here for recovery email

information here for recovery email address your birthday and gender and

address your birthday and gender and this is so that google can authenticate

this is so that google can authenticate you in case you accidentally misplace

you in case you accidentally misplace your password

your password and then just hit next and here google

and then just hit next and here google gives you a little bit more information

gives you a little bit more information on what your number can be used for and

on what your number can be used for and so i'm going to go ahead and skip it

so i'm going to go ahead and skip it and of course we're going to read

and of course we're going to read through the terms of service and the

through the terms of service and the privacy policy

and as you can see we're almost there it shows here that we're

it shows here that we're signing up for the free trial i'm in

signing up for the free trial i'm in canada so

canada so depending on your country this may

depending on your country this may change of course i read the terms of

change of course i read the terms of service and i'm going to agree to it and

service and i'm going to agree to it and i don't really want any updates so you

i don't really want any updates so you can probably skip that and just hit

can probably skip that and just hit continue

and so this is all the necessary information that needs to be filled out

information that needs to be filled out for billing and so here under account

for billing and so here under account type be sure to click on individual as

type be sure to click on individual as opposed to business and again fill in

opposed to business and again fill in all the necessary information with

all the necessary information with regards to your address and your credit

regards to your address and your credit card details and once you fill that in

card details and once you fill that in you can click on start my free trial

and once you've entered in all that information you should be brought to

information you should be brought to this page with a prompt

this page with a prompt asking you exactly what you need with

asking you exactly what you need with regards to google cloud and you can just

regards to google cloud and you can just hit skip here

hit skip here and i'm going to zoom in here just see a

and i'm going to zoom in here just see a little better and so here you're left

little better and so here you're left with a checklist where you can go

with a checklist where you can go through all the different resources and

through all the different resources and it even gives you a checklist to go

it even gives you a checklist to go through but other than that we're in

through but other than that we're in and so just to verify that we're signed

and so just to verify that we're signed up for a free tier account i'm going to

up for a free tier account i'm going to go over to billing and i'm going to see

go over to billing and i'm going to see here that i have my free trial credit

here that i have my free trial credit and it says 411 dollars and due to the

and it says 411 dollars and due to the fact that my currency is in canadian

fact that my currency is in canadian dollars it's been converted from us

dollars it's been converted from us dollars and so we'll be going through

dollars and so we'll be going through billing in a later lesson

billing in a later lesson but right now we are actually logged in

but right now we are actually logged in and so that's all i wanted to cover for

and so that's all i wanted to cover for this lesson on how to sign up for your

this lesson on how to sign up for your free trial account

free trial account so you can now mark this lesson as

so you can now mark this lesson as complete and you can join me in the next

complete and you can join me in the next one

one where we will secure the account

where we will secure the account using a method called two-step

using a method called two-step verification

verification [Music]

[Music] welcome back

welcome back so in the last lesson we went ahead and

so in the last lesson we went ahead and created a brand new gcp account in this

created a brand new gcp account in this lesson we'll be discussing how to secure

lesson we'll be discussing how to secure that gcp account by following some best

that gcp account by following some best practices

practices whenever any account is created in

whenever any account is created in google cloud and this can be applied

google cloud and this can be applied with regards to personal accounts as

with regards to personal accounts as well as the super admin account as it's

well as the super admin account as it's always good to keep safety as a priority

always good to keep safety as a priority this lesson may be a refresher for those

this lesson may be a refresher for those who are a bit more advanced as for

who are a bit more advanced as for everyone else these steps could help you

everyone else these steps could help you from an attack on your account i'd first

from an attack on your account i'd first like to run you through a scenario of

like to run you through a scenario of the outcome on both secure and

the outcome on both secure and non-secure accounts

non-secure accounts as well as the different options that

as well as the different options that reside in google cloud

reside in google cloud when it comes to locking down your

when it comes to locking down your account i'll then run through a hands-on

account i'll then run through a hands-on demo in the console

demo in the console to show you how you can apply it

to show you how you can apply it yourself

yourself so in this specific scenario a username

so in this specific scenario a username and password is used to secure the

and password is used to secure the account

account here lark a trouble causing manager

here lark a trouble causing manager looks over the shoulder of tony bowtie

looks over the shoulder of tony bowtie while he plugs in his username and

while he plugs in his username and password

password so that he can later access his account

so that he can later access his account to wreak havoc on tony's reputation as

to wreak havoc on tony's reputation as tony leaves for coffee

tony leaves for coffee lark decides to log in and send a

lark decides to log in and send a company-wide email from tony's account

company-wide email from tony's account to change an already made decision about

to change an already made decision about next season's store opening in rome

next season's store opening in rome italy that would not look good for tony

italy that would not look good for tony it was that easy for lark to steal

it was that easy for lark to steal tony's password and in a real life

tony's password and in a real life scenario it would be that easy for

scenario it would be that easy for someone to steal your password now when

someone to steal your password now when someone steals your password they could

someone steals your password they could do even more devious things than what

do even more devious things than what lark did not just sending out harmful

lark did not just sending out harmful emails they could lock you out of your

emails they could lock you out of your account or even delete emails or

account or even delete emails or documents this is where two-step

documents this is where two-step verification comes in this can help keep

verification comes in this can help keep bad people out

bad people out even if they have your password two-step

even if they have your password two-step verification is an extra layer of

verification is an extra layer of security most people only have one layer

security most people only have one layer to protect their account which is their

to protect their account which is their password with two-step verification

password with two-step verification if a bad person hacks through your

if a bad person hacks through your password they'll still need your phone

password they'll still need your phone or security key to get into your account

or security key to get into your account so how two-step verification works is

so how two-step verification works is that sign-in will require something you

that sign-in will require something you know

know and something that you have

and something that you have the first one is to protect your account

the first one is to protect your account with something you know which will be

with something you know which will be your password and the second is

your password and the second is something that you have

something that you have which is your phone or security key

which is your phone or security key so whenever you sign into google you'll

so whenever you sign into google you'll enter your password as usual

enter your password as usual then a code will be sent to your phone

then a code will be sent to your phone via text

via text voice call or google's mobile app or if

voice call or google's mobile app or if you have a security key you can insert

you have a security key you can insert it into your computer's usb port

it into your computer's usb port codes can be sent in a text message or

codes can be sent in a text message or through a voice call depending on the

through a voice call depending on the setting you choose

setting you choose you can set up google authenticator or

you can set up google authenticator or another app that creates a one-time

another app that creates a one-time verification code which is great for

verification code which is great for when you're offline you would then enter

when you're offline you would then enter the verification code on the sign in

the verification code on the sign in screen to help verify that it is you

screen to help verify that it is you another way for verification is using

another way for verification is using google prompts and this can help protect

google prompts and this can help protect against sim swap or other phone number

against sim swap or other phone number based hacks google prompts are push

based hacks google prompts are push notifications you'll receive on android

notifications you'll receive on android phones that are signed into your google

phones that are signed into your google account or iphones with the gmail app or

account or iphones with the gmail app or google app that's signed into your

google app that's signed into your google account now you can actually skip

google account now you can actually skip a second step on trusted devices

a second step on trusted devices if you don't want to provide a second

if you don't want to provide a second verification step each time you sign in

verification step each time you sign in on your computer or your phone you can

on your computer or your phone you can check the box next to don't ask again on

check the box next to don't ask again on this computer and this is a great added

this computer and this is a great added feature if you are the only user on this

feature if you are the only user on this device

device this feature is not recommended if this

this feature is not recommended if this device is being used by multiple users

device is being used by multiple users security keys are another way to help

security keys are another way to help protect your google account from

protect your google account from phishing attacks when a hacker tries to

phishing attacks when a hacker tries to trick you into giving them your password

trick you into giving them your password or other personal information now a

or other personal information now a physical security key is a small device

physical security key is a small device that you can buy to help prove it's you

that you can buy to help prove it's you signing in when google needs to make

signing in when google needs to make sure that it's you

sure that it's you you can simply connect your key to your

you can simply connect your key to your computer and verify that it's you and

computer and verify that it's you and when you have no other way to verify

when you have no other way to verify your account you have the option of

your account you have the option of using backup codes and these are

using backup codes and these are one-time use codes that you can print or

one-time use codes that you can print or download and these are multiple sets of

download and these are multiple sets of eight-digit codes that you can keep in a

eight-digit codes that you can keep in a safe place in case you have no other

safe place in case you have no other options for verification i personally

options for verification i personally have found use in using these backup

have found use in using these backup codes as i have used them in past when

codes as i have used them in past when my phone died

my phone died so ever since lark's last email

so ever since lark's last email tony not only changed his password

tony not only changed his password but added a two-step verification to his

but added a two-step verification to his account so that only he would have

account so that only he would have access and would never have to worry

access and would never have to worry again about others looking over his

again about others looking over his shoulder to gain access to his account

shoulder to gain access to his account as tony leaves for coffee

as tony leaves for coffee lark tries to log in again but is

lark tries to log in again but is unsuccessful due to the two-step

unsuccessful due to the two-step verification in place tony has clearly

verification in place tony has clearly outsmarted the bad man in this scenario

outsmarted the bad man in this scenario and lark will have to look for another

and lark will have to look for another way to foil tony's plan to bring

way to foil tony's plan to bring greatness to bow ties across the globe

greatness to bow ties across the globe and this is a sure difference between

and this is a sure difference between having a secure account and a not so

having a secure account and a not so secure account and so now that i've gone

secure account and so now that i've gone through the theory of the two-step

through the theory of the two-step verification process i'm going to dive

verification process i'm going to dive into the console and implement it with

into the console and implement it with the hands-on demo just be aware that you

the hands-on demo just be aware that you can also do this through the gmail

can also do this through the gmail console but we're going to go ahead and

console but we're going to go ahead and do it through the google cloud console

do it through the google cloud console using the url you see here so whenever

using the url you see here so whenever you're ready feel free to join me in the

you're ready feel free to join me in the console

console and so here we are back in the console

and so here we are back in the console and over here on the top right hand

and over here on the top right hand corner you will find a user icon and you

corner you will find a user icon and you can simply click on it

can simply click on it and click over to your google account

and click over to your google account now i'm just going to zoom in for better

now i'm just going to zoom in for better viewing

viewing and so in order to enable two-step

and so in order to enable two-step verification we're gonna go over here to

verification we're gonna go over here to the menu on the left and click on

the menu on the left and click on security and under signing into google

security and under signing into google you will find two-step verification

you will find two-step verification currently it's off as well as using my

currently it's off as well as using my phone to sign in is off so i'm going to

phone to sign in is off so i'm going to click on this bar here for two-step

click on this bar here for two-step verification

verification and i definitely want to add an extra

and i definitely want to add an extra layer of security and i definitely want

layer of security and i definitely want to keep the bad guys out so i'm going to

to keep the bad guys out so i'm going to go ahead and click on the get started

go ahead and click on the get started button

button it'll ask me for my password

it'll ask me for my password and because i've entered my phone number

and because i've entered my phone number when i first signed up for the account

when i first signed up for the account it actually shows up here this is i

it actually shows up here this is i antony which is my iphone and so now i

antony which is my iphone and so now i can get a two-step verification here on

can get a two-step verification here on my iphone and again this is going to be

my iphone and again this is going to be a google prompt as it shows here but if

a google prompt as it shows here but if i wanted to change it to something else

i wanted to change it to something else i can simply click on show more options

i can simply click on show more options and here we have a security key as well

and here we have a security key as well as text message or voice call i highly

as text message or voice call i highly recommend the google prompt as it's

recommend the google prompt as it's super easy to use with absolutely no

super easy to use with absolutely no fuss and so as i always like to verify

fuss and so as i always like to verify what i've done i'm going to click on

what i've done i'm going to click on this try it now button and so because i

this try it now button and so because i wanted to show you exactly what a live

wanted to show you exactly what a live google prompt looks like i'm going to

google prompt looks like i'm going to bring up my phone here on the screen so

bring up my phone here on the screen so that you can take a look

that you can take a look and it actually sent me a google prompt

and it actually sent me a google prompt to my phone and i'm just going to go

to my phone and i'm just going to go ahead and open up my gmail app so i can

ahead and open up my gmail app so i can verify that it is indeed me that wants

verify that it is indeed me that wants to log in which i will accept

and so once i've accepted the google prompt another window will pop up asking

prompt another window will pop up asking me about a backup option and so i'll

me about a backup option and so i'll simply need my phone number

simply need my phone number and i can either get a text message or a

and i can either get a text message or a phone call and again you have other

phone call and again you have other options as well so you can use the

options as well so you can use the one-time backup codes which we discussed

one-time backup codes which we discussed earlier and you can print or download

earlier and you can print or download them but i usually like to use a text

them but i usually like to use a text message and so i'm going to use that

message and so i'm going to use that i'm going to send it to my phone

i'm going to send it to my phone and so just to verify it

and so just to verify it i'm gonna now plug in the one-time code

i'm gonna now plug in the one-time code that was sent to me

and then just hit next so the second step is the google prompt

so the second step is the google prompt it's my default and my backup options if

it's my default and my backup options if i can't get google prompt is a voice or

i can't get google prompt is a voice or text message and again this is for my

text message and again this is for my account antony gcloud ace at gmail.com

account antony gcloud ace at gmail.com sending it to my i antony device so turn

sending it to my i antony device so turn on two-step verification absolutely

on two-step verification absolutely and so there you have it there is

and so there you have it there is two-step verification enabled and if i

two-step verification enabled and if i wanted to change the available steps i

wanted to change the available steps i can do so here i can also edit it i can

can do so here i can also edit it i can edit my phone number and i can also set

edit my phone number and i can also set up any backup codes in case i need it in

up any backup codes in case i need it in my personal opinion two-step

my personal opinion two-step verification

verification is a must-have on any account best

is a must-have on any account best practice is to always do it for your

practice is to always do it for your super admin account which would be my

super admin account which would be my gmail account that i am currently signed

gmail account that i am currently signed up with but i find is a necessity for

up with but i find is a necessity for any other users and always make it a

any other users and always make it a policy for people to add two-step

policy for people to add two-step verification to their accounts i highly

verification to their accounts i highly recommend that you make it your best

recommend that you make it your best practice to do this in your role as an

practice to do this in your role as an engineer in any environment at any

engineer in any environment at any organization again two-step verification

organization again two-step verification will allow to keep you safe your users

will allow to keep you safe your users safe and your environment safe from any

safe and your environment safe from any malicious activities that could happen

malicious activities that could happen at any time and that's all i have for

at any time and that's all i have for this lesson on two-step verification and

this lesson on two-step verification and securing your account

securing your account so you can now mark this lesson as

so you can now mark this lesson as complete and let's move on to the next

complete and let's move on to the next one

one [Music]

[Music] welcome back

welcome back now there are many different ways in

now there are many different ways in which you can interact with google cloud

which you can interact with google cloud services and resources this lesson is an

services and resources this lesson is an overview of the gcp console and how you

overview of the gcp console and how you can interact with it using the graphical

can interact with it using the graphical user interface and so for this hands-on

user interface and so for this hands-on demo

demo i will be diving into how to navigate

i will be diving into how to navigate through the gcp console and point out

through the gcp console and point out some functions and features that you may

some functions and features that you may find helpful so with that being said

find helpful so with that being said let's dive in

let's dive in and so here we are back in the console

and so here we are back in the console up here you can see the free trial

up here you can see the free trial status and then i still have 410 credit

status and then i still have 410 credit again this is canadian dollars so i

again this is canadian dollars so i guess consider me lucky so i'm going to

guess consider me lucky so i'm going to go ahead over here and dismiss this

go ahead over here and dismiss this don't activate it because otherwise this

don't activate it because otherwise this will kill your free trial status and you

will kill your free trial status and you don't want to do that so i'm just going

don't want to do that so i'm just going to hit dismiss so over here on the main

to hit dismiss so over here on the main page you have a bunch of cards here that

page you have a bunch of cards here that will give you the status of your

will give you the status of your environment as well as the status of

environment as well as the status of what's happening within google cloud

what's happening within google cloud with these cards you can customize them

with these cards you can customize them by hitting this button over here

by hitting this button over here customize and you can turn them on or

customize and you can turn them on or off and you can go ahead and move these

off and you can go ahead and move these around if you'd like

and i'm going to put this up here as well i'm going to turn on my billing so

well i'm going to turn on my billing so i can keep track of exactly what my

i can keep track of exactly what my spend is i don't really need my get

spend is i don't really need my get starting card so i'm going to turn that

starting card so i'm going to turn that off as well as the documentation i'm

off as well as the documentation i'm going to turn that off as well

going to turn that off as well and the apis is always nice to have

and the apis is always nice to have as well up here on the project info this

as well up here on the project info this reflects the current project which is my

reflects the current project which is my first project

first project and the project name here is the same

and the project name here is the same the project id is showing and the

the project id is showing and the project number and i'm going to dive

project number and i'm going to dive deeper into that in another lesson also

deeper into that in another lesson also note that your cards will reflect

note that your cards will reflect exactly what it is that you're

exactly what it is that you're interacting with and so the more

interacting with and so the more resources that you dive into the cards

resources that you dive into the cards will end up showing up here

will end up showing up here and you can add them and turn them off

and you can add them and turn them off at will so i'm going to go up here and

at will so i'm going to go up here and click on done because i'm satisfied with

click on done because i'm satisfied with the way that things look

the way that things look here on my home page and over here to

here on my home page and over here to your left i wanted to focus on

your left i wanted to focus on all the services that are available in

all the services that are available in their own specific topics so for

their own specific topics so for instance all of compute

instance all of compute you will find app engine compute engine

you will find app engine compute engine kubernetes and so on so note that

kubernetes and so on so note that anything compute related you'll find

anything compute related you'll find them all grouped together also another

them all grouped together also another great feature is that you can pin

great feature is that you can pin exactly what it is that you use often so

exactly what it is that you use often so if i am a big user of app engine i can

if i am a big user of app engine i can pin this and it will move its way up to

pin this and it will move its way up to the top this way it saves me the time

the top this way it saves me the time from having to go and look for it every

from having to go and look for it every time i need it and if i'm using it

time i need it and if i'm using it constantly it's great to have a shortcut

constantly it's great to have a shortcut to unpin it i simply go back to the pin

to unpin it i simply go back to the pin and click on it again as well if i'd

and click on it again as well if i'd like to move the menu out of the way to

like to move the menu out of the way to get more screen real estate i can simply

get more screen real estate i can simply click on this hamburger button here

click on this hamburger button here and make it disappear and to bring it

and make it disappear and to bring it back i can just click on that again and

back i can just click on that again and i'll bring it back again now i know that

i'll bring it back again now i know that there's a lot of resources here to go

there's a lot of resources here to go through so if you're looking for

through so if you're looking for something specific you can always go up

something specific you can always go up to the search bar right here

to the search bar right here and simply type it in so if i'm looking

and simply type it in so if i'm looking for let's say cloud sql i can simply

for let's say cloud sql i can simply type in sql

type in sql and i can find it right here

and i can find it right here i can find the api and if anything

i can find the api and if anything associated with the word sql if i'm

associated with the word sql if i'm looking for cloud sql specifically i can

looking for cloud sql specifically i can simply type in

simply type in cloud sql

another thing to note is that if you want to go back to your homepage you can

want to go back to your homepage you can simply go up to the left hand corner

simply go up to the left hand corner here and click on the google cloud

here and click on the google cloud platform logo and it'll bring you right

platform logo and it'll bring you right back and right here under the google

back and right here under the google cloud platform logo you'll see another

cloud platform logo you'll see another set of tabs we have dashboard we also

set of tabs we have dashboard we also have activity and this will show all the

have activity and this will show all the latest activity that's been done

latest activity that's been done and because this is a brand new account

and because this is a brand new account i don't have much here now because this

i don't have much here now because this is my first time in activity this is

is my first time in activity this is going to take some time to index

going to take some time to index and in the meantime i wanted to show you

and in the meantime i wanted to show you filters

filters if this were a long list to go through

if this were a long list to go through where activity has been happening for

where activity has been happening for months i can filter through these

months i can filter through these activities either by user or by

activities either by user or by categories or by resource type as well

categories or by resource type as well as the date i can also combine these to

as the date i can also combine these to search for something really granular and

search for something really granular and beside the activity tab we have

beside the activity tab we have recommendations which is based on the

recommendations which is based on the recommender service and this service

recommender service and this service provides recommendations and insights

provides recommendations and insights for using resources on google cloud

for using resources on google cloud these recommendations and insights are

these recommendations and insights are on a per product or per service basis

on a per product or per service basis and they are based on machine learning

and they are based on machine learning and current resource usage a great

and current resource usage a great example of a recommendation is vm

example of a recommendation is vm instance right sizing so if the

instance right sizing so if the recommender service detects that a vm

recommender service detects that a vm instance is underutilized it will

instance is underutilized it will recommend changing the machine size so

recommend changing the machine size so that i can save some money and because

that i can save some money and because this is a fresh new account and i

this is a fresh new account and i haven't used any resources this is why

haven't used any resources this is why there is no recommendations for me so

there is no recommendations for me so going back to the home page

going back to the home page i want to touch on this projects menu

i want to touch on this projects menu for a second and as you can see here i

for a second and as you can see here i can select a project now if i had many

can select a project now if i had many different projects i can simply search

different projects i can simply search from each different one and so to cover

from each different one and so to cover the last part of the console i wanted to

the last part of the console i wanted to touch on this menu on the top right hand

touch on this menu on the top right hand corner here so clicking on this present

corner here so clicking on this present icon will reveal my free trial status

icon will reveal my free trial status which i dismissed earlier next to the

which i dismissed earlier next to the present we have a cloud shell icon and

present we have a cloud shell icon and this is where you can activate and bring

this is where you can activate and bring up the cloud shell which i will be

up the cloud shell which i will be diving into deeper in a later lesson and

diving into deeper in a later lesson and right next to it is the help button in

right next to it is the help button in case you need a shortcut to any

case you need a shortcut to any documentations or tutorials as well some

documentations or tutorials as well some keyboard shortcuts

keyboard shortcuts may help you be a little bit more

may help you be a little bit more efficient and you can always click on

efficient and you can always click on this and it'll show you exactly what you

this and it'll show you exactly what you need to know and so i'm going to close

need to know and so i'm going to close this

this and to move over to the next part in the

and to move over to the next part in the menu this is the notifications so any

menu this is the notifications so any activities that happen you will be

activities that happen you will be notified here and you can simply click

notified here and you can simply click on the bell and it'll show you a bunch

on the bell and it'll show you a bunch of different notifications for either

of different notifications for either resources that are created or any other

resources that are created or any other activities that may have happened now

activities that may have happened now moving on over

moving on over three buttons over here is the settings

three buttons over here is the settings and utilities button

and utilities button and over here you will find the

and over here you will find the preferences

preferences and under communication you will find

and under communication you will find product notifications and updates and

product notifications and updates and offers and you can turn them off or on

offers and you can turn them off or on depending on whether or not you want to

depending on whether or not you want to receive these notifications as well you

receive these notifications as well you have your language and region and you

have your language and region and you can personalize the cloud console as to

can personalize the cloud console as to whether or not you want to allow google

whether or not you want to allow google to track your activity and this is great

to track your activity and this is great for when you want recommendations so i'm

for when you want recommendations so i'm going to keep that checked off getting

going to keep that checked off getting back to some other options you will find

back to some other options you will find a link to downloads as well as cloud

a link to downloads as well as cloud partners and the terms of service

partners and the terms of service privacy and project settings and so to

privacy and project settings and so to cover the last topic i wanted to touch

cover the last topic i wanted to touch on is the actual google account button

on is the actual google account button and here you can add other user accounts

and here you can add other user accounts for when you log into the console with a

for when you log into the console with a different user as well as go straight to

different user as well as go straight to your google account and of course if

your google account and of course if you're using a computer that's used by

you're using a computer that's used by multiple users you can sign out here as

multiple users you can sign out here as well and so that's just a quick

well and so that's just a quick run-through of the console and so feel

run-through of the console and so feel free to poke around and get familiar

free to poke around and get familiar with exactly what's available in the

with exactly what's available in the console so that it's a lot easier for

console so that it's a lot easier for you to use and allow you to become more

you to use and allow you to become more efficient and so that's all i have for

efficient and so that's all i have for this lesson so you can now mark this

this lesson so you can now mark this lesson as complete and let's move on to

lesson as complete and let's move on to the next one

welcome back in this lesson i'm going to be going

in this lesson i'm going to be going through a breakdown of cloud billing and

through a breakdown of cloud billing and an overview of the various resources

an overview of the various resources that's involved with billing billing is

that's involved with billing billing is important to know

important to know and i'll be diving into the concepts

and i'll be diving into the concepts around billing and billing interaction

around billing and billing interaction over the next few lessons

over the next few lessons as well i'll be getting into another

as well i'll be getting into another demo going through the details on how to

demo going through the details on how to create

create edit

edit and delete a cloud billing account

and delete a cloud billing account now earlier on in the course i went over

now earlier on in the course i went over the resource hierarchy and how google

the resource hierarchy and how google cloud resources are broken down starting

cloud resources are broken down starting from the domain level down to their

from the domain level down to their resource level

resource level this lesson will focus strictly on the

this lesson will focus strictly on the billing account

billing account and payments profile

and payments profile and the breakdown are concepts that are

and the breakdown are concepts that are comprised within them

comprised within them so getting right into it let's start

so getting right into it let's start with the cloud billing account a cloud

with the cloud billing account a cloud billing account is a cloud level

billing account is a cloud level resource managed in the cloud console

resource managed in the cloud console this defines who pays for a given set of

this defines who pays for a given set of google cloud resources billing tracks

google cloud resources billing tracks all of the costs incurred by your google

all of the costs incurred by your google cloud usage as well it is connected to a

cloud usage as well it is connected to a google payments profile which includes a

google payments profile which includes a payment method defining on how you pay

payment method defining on how you pay for your charges a cloud billing account

for your charges a cloud billing account can be linked to one or more projects

can be linked to one or more projects and not to any one project specifically

and not to any one project specifically cloud billing also has billing specific

cloud billing also has billing specific roles and permissions to control

roles and permissions to control accessing and modifying billing related

accessing and modifying billing related functions that are established by

functions that are established by identity and access management cloud

identity and access management cloud billing is offered in two different

billing is offered in two different account types there is the self-service

account types there is the self-service or online account or you can also choose

or online account or you can also choose from the invoiced or offline payments

from the invoiced or offline payments when it comes to the self-service option

when it comes to the self-service option the payment method is usually a credit

the payment method is usually a credit or debit card and costs are charged

or debit card and costs are charged automatically to the specific payment

automatically to the specific payment method connected to the cloud billing

method connected to the cloud billing account and when you need access to your

account and when you need access to your invoices you can simply go to the cloud

invoices you can simply go to the cloud console and view them online now when it

console and view them online now when it comes to the invoice account first you

comes to the invoice account first you must be eligible for invoice billing

must be eligible for invoice billing once you are made eligible the payment

once you are made eligible the payment method used can be check or wire

method used can be check or wire transfer your invoices are sent by mail

transfer your invoices are sent by mail or electronically as well they're also

or electronically as well they're also available in the cloud console as well

available in the cloud console as well as the payment receipts

as the payment receipts now another cool feature of billing

now another cool feature of billing account is sub-accounts and these are

account is sub-accounts and these are intended for resellers so if you are a

intended for resellers so if you are a reseller you can use subaccounts to

reseller you can use subaccounts to represent your customers and make it

represent your customers and make it easy for chargebacks cloud billing

easy for chargebacks cloud billing subaccounts allow you to group charges

subaccounts allow you to group charges from projects together on a separate

from projects together on a separate section of your invoice and is linked

section of your invoice and is linked back to the master cloud billing account

back to the master cloud billing account on which your charges appear

on which your charges appear sub-accounts are designed to allow for

sub-accounts are designed to allow for customer separation and management so

customer separation and management so when it comes to ownership of a cloud

when it comes to ownership of a cloud billing account it is limited to a

billing account it is limited to a single organization

single organization it is possible though for a cloud

it is possible though for a cloud billing account to pay for projects that

billing account to pay for projects that belong to an organization that is

belong to an organization that is different than the organization that

different than the organization that owns the cloud billing account now one

owns the cloud billing account now one thing to note is that if you have a

thing to note is that if you have a project that is not linked to a billing

project that is not linked to a billing account you will have limited use of

account you will have limited use of products and services available for your

products and services available for your project that is projects that are not

project that is projects that are not linked to a billing account cannot use

linked to a billing account cannot use google cloud services that aren't free

google cloud services that aren't free and so now that we've gone through an

and so now that we've gone through an overview of the billing account let's

overview of the billing account let's take a quick step into the payments

take a quick step into the payments profile now the payments profile is a

profile now the payments profile is a google level resource managed at

google level resource managed at payments.google.com

payments.google.com the payments profile

the payments profile processes payments for all google

processes payments for all google services and not just for google cloud

services and not just for google cloud it connects to all of your google

it connects to all of your google services such as google ads as well as

services such as google ads as well as google cloud it stores information like

google cloud it stores information like your name address and who is responsible

your name address and who is responsible for the profile it stores your various

for the profile it stores your various payment methods like credit cards debit

payment methods like credit cards debit cards and bank accounts the payments

cards and bank accounts the payments profile

profile functions as a single pane of glass

functions as a single pane of glass where you can view invoices payment

where you can view invoices payment history and so on it also controls who

history and so on it also controls who can view and receive invoices for your

can view and receive invoices for your various cloud billing accounts and

various cloud billing accounts and products

products now one thing to note about payments

now one thing to note about payments profile is that there are two different

profile is that there are two different types of payment profiles the first one

types of payment profiles the first one is individual and that's when you're

is individual and that's when you're using your account for your own personal

using your account for your own personal payments if you register your payments

payments if you register your payments profile as an individual then only you

profile as an individual then only you can manage the profile you won't be able

can manage the profile you won't be able to add or remove users or change

to add or remove users or change permissions on the profile now if you

permissions on the profile now if you choose a business profile type you're

choose a business profile type you're paying on behalf of a business or

paying on behalf of a business or organization a business profile gives

organization a business profile gives you the flexibility to add other users

you the flexibility to add other users to the google payments profile you

to the google payments profile you manage so that more than one person can

manage so that more than one person can access or manage a payments profile all

access or manage a payments profile all users added to a business profile

users added to a business profile can then see the payment information on

can then see the payment information on that profile another thing to note is

that profile another thing to note is that once the profile type has been

that once the profile type has been selected it cannot be changed afterwards

selected it cannot be changed afterwards and so now that we've quickly gone

and so now that we've quickly gone through an overview of all the concepts

through an overview of all the concepts when it comes to billing i am now going

when it comes to billing i am now going to run through a short demo where i will

to run through a short demo where i will create a new billing account edit that

create a new billing account edit that billing account and show you how to

billing account and show you how to close a billing account so whenever

close a billing account so whenever you're ready join me in the console and

you're ready join me in the console and so here i am back in the console and so

so here i am back in the console and so the first thing i want to do is i want

the first thing i want to do is i want to make sure that i have the proper

to make sure that i have the proper permissions in order to create and edit

permissions in order to create and edit a new billing account so what i'm going

a new billing account so what i'm going to do is go over here to the hamburger

to do is go over here to the hamburger menu up here in the top left hand corner

menu up here in the top left hand corner and click on it

and click on it and go over to i am an admin and over to

and go over to i am an admin and over to iam

now don't worry i'm not going to get really deep into this i will be going

really deep into this i will be going over this in a later section where i'll

over this in a later section where i'll go through iam and roles but i wanted to

go through iam and roles but i wanted to give you a sense of exactly what you

give you a sense of exactly what you need with regards to permissions so now

need with regards to permissions so now that i'm here i'm going to be looking

that i'm here i'm going to be looking for a role that has to do with billing

for a role that has to do with billing so i'm simply going to go over here on

so i'm simply going to go over here on the left hand menu and click on roles

the left hand menu and click on roles and you'll have a slew of roles coming

and you'll have a slew of roles coming up

up and what you can do is filter through

and what you can do is filter through them just by simply typing in billing

them just by simply typing in billing into the filter table here at the top

into the filter table here at the top and as you can see here

and as you can see here there is billing account administrator

there is billing account administrator billing account creator and so on and so

billing account creator and so on and so forth and just to give you a quick

forth and just to give you a quick overview on these roles and so for the

overview on these roles and so for the billing account administrator this is a

billing account administrator this is a role that lets you manage billing

role that lets you manage billing accounts but not create them so if you

accounts but not create them so if you need to set budget alerts or manage

need to set budget alerts or manage payment methods you can use this role

payment methods you can use this role the billing account creator allows you

the billing account creator allows you to create new self-serve online billing

to create new self-serve online billing accounts the billing account user allows

accounts the billing account user allows you to link projects to billing accounts

you to link projects to billing accounts the billing account viewer allows you to

the billing account viewer allows you to view billing account cost information

view billing account cost information and transactions and lastly the project

and transactions and lastly the project billing manager allows you to link or

billing manager allows you to link or unlink the project to and from a billing

unlink the project to and from a billing account so as you can see these roles

account so as you can see these roles allow you to get pretty granular when it

allow you to get pretty granular when it comes to billing so i'm going to go back

comes to billing so i'm going to go back over to the left hand menu over on iam

over to the left hand menu over on iam and click on there and i want to be able

and click on there and i want to be able to check my specific role and what

to check my specific role and what permissions that i have or i will need

permissions that i have or i will need in order to create a new billing account

in order to create a new billing account and so if i click on this pencil it'll

and so if i click on this pencil it'll show me exactly

show me exactly what my role is and what it does and as

what my role is and what it does and as it says here i have full access to all

it says here i have full access to all resources which means that i am pretty

resources which means that i am pretty much good to go so i'm going to cancel

much good to go so i'm going to cancel out here

out here and i'm going to exit i am an admin

and i'm going to exit i am an admin so i'm going to click on the navigation

so i'm going to click on the navigation menu

menu and go over to billing

and go over to billing and so this billing account is tied to

and so this billing account is tied to the current project and because it's the

the current project and because it's the only billing account it's the one that

only billing account it's the one that shows up and so what i want to do is i

shows up and so what i want to do is i want to find out a little bit more

want to find out a little bit more information with regards to this billing

information with regards to this billing account so i'm going to move down the

account so i'm going to move down the menu and click on account management

menu and click on account management here i can see the billing account which

here i can see the billing account which is my billing account i can rename it if

is my billing account i can rename it if i'd like

i'd like and i can also see the projects that are

and i can also see the projects that are linked to this billing account so now

linked to this billing account so now that we've viewed all the information

that we've viewed all the information with regards to the my billing account

with regards to the my billing account i'm going to simply click on this menu

i'm going to simply click on this menu over here

over here and click on the arrow and go to manage

and click on the arrow and go to manage billing accounts and here it will bring

billing accounts and here it will bring me to all my billing accounts and

me to all my billing accounts and because i only have one is shown here my

because i only have one is shown here my billing account but if i had more than

billing account but if i had more than one they would show up here and so now

one they would show up here and so now in order for me to create this new

in order for me to create this new billing account i'm going to simply

billing account i'm going to simply click on create account

click on create account and i will be prompted with a name a

and i will be prompted with a name a country and a currency for my new

country and a currency for my new billing account and i'm actually going

billing account and i'm actually going to rename this billing account and i'm

to rename this billing account and i'm going to rename it to gcloud

going to rename it to gcloud ace

ace dash billing

dash billing i'm going to leave my country as canada

i'm going to leave my country as canada and my currency in canadian dollars and

and my currency in canadian dollars and i'm going to simply hit continue

and it's giving me the choice in my payments profile

payments profile and because i want to use the same

and because i want to use the same payments profile i'm just going to

payments profile i'm just going to simply leave everything as is but for

simply leave everything as is but for demonstration purposes

demonstration purposes over here you can click on the payments

over here you can click on the payments profile

profile and the little arrow right beside the

and the little arrow right beside the current profile will give me the option

current profile will give me the option to create a new payments profile

to create a new payments profile and we're going to leave that as is

and we're going to leave that as is under customer info i have the option of

under customer info i have the option of changing my address and i can click on

changing my address and i can click on this pencil icon and change it as well i

this pencil icon and change it as well i can go to payment methods and click on

can go to payment methods and click on the current payment method with that

the current payment method with that little arrow

little arrow and add a new credit or debit card and

and add a new credit or debit card and as i said before we're going to keep

as i said before we're going to keep things the way they are and just hit

things the way they are and just hit submit and enable billing

submit and enable billing now as you can see here i got a prompt

now as you can see here i got a prompt saying that a confirmation email will be

saying that a confirmation email will be sent within 48 hours now usually when

sent within 48 hours now usually when you're setting up a brand new billing

you're setting up a brand new billing profile with an already created payments

profile with an already created payments profile you'll definitely get a

profile you'll definitely get a confirmation email in less than 48 hours

confirmation email in less than 48 hours now in order for me to finish up this

now in order for me to finish up this demo i'm gonna wait until the new

demo i'm gonna wait until the new billing account shows up and continue

billing account shows up and continue with the demo from then and so here i am

with the demo from then and so here i am back in the billing console and it only

back in the billing console and it only took about 20 minutes and the gcloud ace

took about 20 minutes and the gcloud ace billing account has shown up and so with

billing account has shown up and so with part of this demo what i wanted to show

part of this demo what i wanted to show is how you can take a project and attach

is how you can take a project and attach it to a different billing account and so

it to a different billing account and so currently my only project is attached to

currently my only project is attached to the my billing account so now if i

the my billing account so now if i wanted to change my first project to my

wanted to change my first project to my gcloud ace dash billing account

gcloud ace dash billing account i can simply go over here to actions

i can simply go over here to actions click on the hamburger menu

click on the hamburger menu and go to change billing

and go to change billing here i'll be prompted to choose a

here i'll be prompted to choose a billing account and i can choose g cloud

billing account and i can choose g cloud a stash billing

a stash billing and then click on set account

and then click on set account and there it is my first project is now

and there it is my first project is now linked to g cloud a stash billing so if

linked to g cloud a stash billing so if i go back over to my billing accounts

i go back over to my billing accounts you can see here that my billing account

you can see here that my billing account currently has zero projects and g cloud

currently has zero projects and g cloud a stash billing has one project now just

a stash billing has one project now just as a quick note and i really want to

as a quick note and i really want to emphasize this

emphasize this is that if you're changing a billing

is that if you're changing a billing account for a project

account for a project and you are a regular user

and you are a regular user you will need the role of the billing

you will need the role of the billing account administrator

account administrator as well as the project owner role

as well as the project owner role so these two together will allow a

so these two together will allow a regular user to change a billing account

regular user to change a billing account for a project

for a project and so now what i want to do is i want

and so now what i want to do is i want to take the gcloud a stash billing and i

to take the gcloud a stash billing and i want to close that account

want to close that account but before i do that i need to unlink

but before i do that i need to unlink this project and bring it back to

this project and bring it back to another billing account which in this

another billing account which in this case would be my billing account so i'm

case would be my billing account so i'm going to go back up here to the menu

going to go back up here to the menu click on my projects and we're going to

click on my projects and we're going to do the exact same thing that we did

do the exact same thing that we did before

before under actions i'm going to click on the

under actions i'm going to click on the hamburger menu and change billing

hamburger menu and change billing i'm going to get the prompt again and

i'm going to get the prompt again and under billing account i'm going to

under billing account i'm going to choose my billing account and then click

choose my billing account and then click on set account

on set account so as you can see the project has been

so as you can see the project has been moved to a different billing account i'm

moved to a different billing account i'm going to go back to my billing accounts

going to go back to my billing accounts and as you can see here the project is

and as you can see here the project is back to my billing account and so now

back to my billing account and so now that the project is unlinked from the

that the project is unlinked from the gcloud a stash billing account i can now

gcloud a stash billing account i can now go ahead and close out that account now

go ahead and close out that account now in order to do that i'm going to click

in order to do that i'm going to click on gcloud a stash billing i'm going to

on gcloud a stash billing i'm going to go down here on the hand menu all the

go down here on the hand menu all the way to the bottom to account management

way to the bottom to account management click on there and at the top here you

click on there and at the top here you will see close billing account i'm going

will see close billing account i'm going to simply click on that and i'll get a

to simply click on that and i'll get a prompt that i've spent zero dollars and

prompt that i've spent zero dollars and is linked to zero projects

is linked to zero projects now if i did have a project that was

now if i did have a project that was linked to this billing account i would

linked to this billing account i would have to unlink the project before i was

have to unlink the project before i was able to close this billing account so as

able to close this billing account so as a failsafe i'm being asked to type close

a failsafe i'm being asked to type close in order to close this billing account

in order to close this billing account so i'm going to go ahead and do that now

so i'm going to go ahead and do that now and click on close billing account just

and click on close billing account just as a note google gives me the option to

as a note google gives me the option to reopen this billing account in case i

reopen this billing account in case i did this by mistake and i really needed

did this by mistake and i really needed it

it i can reopen this billing account so now

i can reopen this billing account so now moving back over to billing you'll see

moving back over to billing you'll see here

here that i'm left with my single billing

that i'm left with my single billing account called my billing account with

account called my billing account with the one project that's linked to it and

the one project that's linked to it and so that covers my demo on creating

so that covers my demo on creating editing and closing a new billing

editing and closing a new billing account as well as linking and unlinking

account as well as linking and unlinking a project to and from a different

a project to and from a different billing account so i hope you found this

billing account so i hope you found this useful

useful and you can now mark this lesson as

and you can now mark this lesson as complete and let's move on to the next

complete and let's move on to the next one

one [Music]

[Music] welcome back

welcome back in this lesson i'm going to be going

in this lesson i'm going to be going over controlling costs in google cloud

over controlling costs in google cloud along with budget alerts

along with budget alerts i will be touching on all the available

i will be touching on all the available discounts the number of ways to control

discounts the number of ways to control costs

costs and go over budget alerts to get a more

and go over budget alerts to get a more granular and programmatic approach so

granular and programmatic approach so starting off i wanted to touch on

starting off i wanted to touch on committed use discounts now committed

committed use discounts now committed use discounts provide discounted prices

use discounts provide discounted prices in exchange for your commitment to use a

in exchange for your commitment to use a minimum level of resources for a

minimum level of resources for a specified term the discounts are

specified term the discounts are flexible cover a wide range of resources

flexible cover a wide range of resources and are ideal for workloads with

and are ideal for workloads with predictable resource needs when you

predictable resource needs when you purchase google cloud committed use

purchase google cloud committed use discounts you commit to a consistent

discounts you commit to a consistent amount of usage for a one or three year

amount of usage for a one or three year period there are two commitment types

period there are two commitment types available

available and as you can see here they are spend

and as you can see here they are spend based and resource based commitment

based and resource based commitment types

types and unlike most other providers the

and unlike most other providers the commitment fee is billed monthly so

commitment fee is billed monthly so going over the specific commitment types

going over the specific commitment types i wanted to start off with spend based

i wanted to start off with spend based commitment now for spend based

commitment now for spend based commitment you commit to a consistent

commitment you commit to a consistent amount of usage measured in dollars per

amount of usage measured in dollars per hour

hour of equivalent on-demand spend for a one

of equivalent on-demand spend for a one or three year term in exchange you

or three year term in exchange you receive a discounted rate on the

receive a discounted rate on the applicable usage your commitment covers

applicable usage your commitment covers so you can purchase committed use

so you can purchase committed use discounts from any cloud billing account

discounts from any cloud billing account and the discount applies to any eligible

and the discount applies to any eligible usage in projects paid for by that cloud

usage in projects paid for by that cloud billing account any overage is charged

billing account any overage is charged at the on-demand rate spend based

at the on-demand rate spend based commitments can give you a 25 discount

commitments can give you a 25 discount off on-demand pricing for a one-year

off on-demand pricing for a one-year commitment and up to a 52 discount off

commitment and up to a 52 discount off of on-demand pricing for a three-year

of on-demand pricing for a three-year commitment now spend-based commitments

commitment now spend-based commitments are restricted to specific resources

are restricted to specific resources which is cloud sql database instances

which is cloud sql database instances and google cloud vmware engine

and google cloud vmware engine and this commitment

and this commitment applies to the cpu and memory usage for

applies to the cpu and memory usage for these available resources now the other

these available resources now the other committed use discount is the

committed use discount is the resource-based commitment

resource-based commitment so this discount is for a commitment to

so this discount is for a commitment to spend a minimum amount for compute

spend a minimum amount for compute engine resources in a particular region

engine resources in a particular region resource-based commitments are ideal for

resource-based commitments are ideal for predictable workloads when it comes to

predictable workloads when it comes to your vms

your vms when you purchase a committed use

when you purchase a committed use contract you purchase compute resources

contract you purchase compute resources such as vcpus

such as vcpus memory

memory gpus

gpus and local ssds and you purchase these at

and local ssds and you purchase these at a discounted price in return for

a discounted price in return for committing to paying for those resources

committing to paying for those resources for one or three years the discount is

for one or three years the discount is up to 57 percent for most resources like

up to 57 percent for most resources like machine types or gpus the discount is up

machine types or gpus the discount is up to 70 percent for memory optimized

to 70 percent for memory optimized machine types and you can purchase a

machine types and you can purchase a committed use contract for a single

committed use contract for a single project or purchase multiple contracts

project or purchase multiple contracts which you can share across many project

which you can share across many project by enabling shared discounts and sharing

by enabling shared discounts and sharing your committed use discounts across all

your committed use discounts across all your projects reduces the overhead of

your projects reduces the overhead of managing discounts on a per project

managing discounts on a per project basis

basis and maximizes your savings by pooling

and maximizes your savings by pooling all of your discounts across your

all of your discounts across your project's resource usage if you have

project's resource usage if you have multiple projects that share the same

multiple projects that share the same cloud billing account you can enable

cloud billing account you can enable committed use discount sharing so all of

committed use discount sharing so all of your projects within that cloud billing

your projects within that cloud billing account share all of your committed use

account share all of your committed use discount contracts and so your sustained

discount contracts and so your sustained use discounts are also pooled at the

use discounts are also pooled at the same time so touching on sustained use

same time so touching on sustained use discounts

discounts these are automatic discounts for

these are automatic discounts for running specific compute engine

running specific compute engine resources a significant portion of the

resources a significant portion of the billing month

billing month sustained use discounts apply to the

sustained use discounts apply to the general purpose

general purpose compute and memory optimize machine

compute and memory optimize machine types as well as sole tenant nodes and

types as well as sole tenant nodes and gpus again sustained use discounts are

gpus again sustained use discounts are applied automatically to usage within a

applied automatically to usage within a project separately for each region so

project separately for each region so there's no action required on your part

there's no action required on your part to enable these discounts so for example

to enable these discounts so for example when you're running one of these

when you're running one of these resources for more than let's say 25

resources for more than let's say 25 percent of the month

percent of the month compute engine automatically gives you a

compute engine automatically gives you a discount for every incremental minute

discount for every incremental minute that you use for that instance now

that you use for that instance now sustained use discounts automatically

sustained use discounts automatically apply to vms created by both google

apply to vms created by both google kubernetes engine and compute engine but

kubernetes engine and compute engine but unfortunately do not apply to vms

unfortunately do not apply to vms created using the app engine flexible

created using the app engine flexible environment as well as data flow and e2

environment as well as data flow and e2 machine types

machine types now to take advantage of the full

now to take advantage of the full discount you would create your vm

discount you would create your vm instances on the first day of the month

instances on the first day of the month as discounts reset at the beginning of

as discounts reset at the beginning of each month and so the following table

each month and so the following table shows the discount you get at each usage

shows the discount you get at each usage level of a vm instance these discounts

level of a vm instance these discounts apply for all machine types but don't

apply for all machine types but don't apply to preemptable instances and so

apply to preemptable instances and so sustained use discounts can save you up

sustained use discounts can save you up to a maximum of a 30 percent discount so

to a maximum of a 30 percent discount so another great way to calculate savings

another great way to calculate savings in google cloud is by using the gcp

in google cloud is by using the gcp pricing calculator this is a quick way

pricing calculator this is a quick way to get an estimate of what your usage

to get an estimate of what your usage will cost on google cloud so the gcp

will cost on google cloud so the gcp pricing calculator can help you identify

pricing calculator can help you identify the pricing for the resources that you

the pricing for the resources that you plan to use in your future architecture

plan to use in your future architecture so that you are able to calculate how

so that you are able to calculate how much your architecture will cost you

much your architecture will cost you this calculator holds the pricing for

this calculator holds the pricing for almost all resources encapsulated within

almost all resources encapsulated within gcp and so you can get a pretty good

gcp and so you can get a pretty good idea of what your architecture will cost

idea of what your architecture will cost you without having to find out the hard

you without having to find out the hard way this calculator can be found at the

way this calculator can be found at the url shown here and i will include this

url shown here and i will include this in the lesson text below now moving

in the lesson text below now moving right along to cloud billing budgets so

right along to cloud billing budgets so budgets enable you to track your actual

budgets enable you to track your actual spend

spend against your plan spend

against your plan spend after you've set a budget amount you set

after you've set a budget amount you set budget alert threshold rules that are

budget alert threshold rules that are used to trigger email notifications and

used to trigger email notifications and budget alert emails help you stay

budget alert emails help you stay informed about how your spend is

informed about how your spend is tracking against your budget this

tracking against your budget this example here is a diagram of a budget

example here is a diagram of a budget alert notification and is the default

alert notification and is the default functionality for any budget alert

functionality for any budget alert notifications

notifications now to get a little bit more granular

now to get a little bit more granular you can define the scope of the budget

you can define the scope of the budget so for example you can scope the budget

so for example you can scope the budget to apply to the spend of an entire cloud

to apply to the spend of an entire cloud billing account or get more granular to

billing account or get more granular to one or more projects

one or more projects and even down to a specific product you

and even down to a specific product you can set the budget amount to a total

can set the budget amount to a total that you specify

that you specify or base the budget amount on the

or base the budget amount on the previous month's spend when costs exceed

previous month's spend when costs exceed a percentage of your budget based on the

a percentage of your budget based on the rules that you set by default alert

rules that you set by default alert emails are sent to billing account

emails are sent to billing account administrators and billing account users

administrators and billing account users on the target cloud billing account and

on the target cloud billing account and again this is the default behavior of a

again this is the default behavior of a budget email notification

budget email notification now as said before the default behavior

now as said before the default behavior of a budget is to send alert emails to

of a budget is to send alert emails to billing account administrators and

billing account administrators and billing account users on the target

billing account users on the target cloud billing account when the budget

cloud billing account when the budget alert threshold rules trigger an email

alert threshold rules trigger an email notification now these email recipients

notification now these email recipients can be customized by using cloud

can be customized by using cloud monitoring to specify other people in

monitoring to specify other people in your organization to receive these

your organization to receive these budget alert emails a great example of

budget alert emails a great example of this would be a project manager or a

this would be a project manager or a director knowing how much spend has been

director knowing how much spend has been used up in your budget and the last

used up in your budget and the last concept i wanted to touch on when it

concept i wanted to touch on when it comes to cloud billing budgets is that

comes to cloud billing budgets is that you can also use pub sub for

you can also use pub sub for programmatic notifications to automate

programmatic notifications to automate your cost control response based on the

your cost control response based on the budget notification

budget notification you can also use pub sub in conjunction

you can also use pub sub in conjunction with billing budgets to automate cost

with billing budgets to automate cost management tasks and this will provide a

management tasks and this will provide a real-time status of the cloud billing

real-time status of the cloud billing budget and allow you to do things like

budget and allow you to do things like send notifications to slack or disable

send notifications to slack or disable billing to stop usage as well as

billing to stop usage as well as selectively control usage when budget

selectively control usage when budget has been met and so these are all the

has been met and so these are all the concepts that i wanted to cover when it

concepts that i wanted to cover when it came to cloud billing budgets now i know

came to cloud billing budgets now i know this lesson may have been a bit dry and

this lesson may have been a bit dry and not the most exciting service to dive

not the most exciting service to dive into but it is very important to know

into but it is very important to know both for the exam

both for the exam and for your role as an engineer when it

and for your role as an engineer when it comes to cutting costs in environments

comes to cutting costs in environments where your business owners deem

where your business owners deem necessary and so that's all i had for

necessary and so that's all i had for this lesson

this lesson so you can now mark this lesson as

so you can now mark this lesson as complete and please join me in the next

complete and please join me in the next one where i dive into the console and do

one where i dive into the console and do some hands-on demos when it comes to

some hands-on demos when it comes to committed use discounts

committed use discounts budget alerts and editing budget alerts

budget alerts and editing budget alerts as well as adding a little bit of

as well as adding a little bit of automation into the budgeting alerts

automation into the budgeting alerts [Music]

[Music] welcome back in the last lesson i went

welcome back in the last lesson i went over a few ways to do cost management

over a few ways to do cost management and the behaviors of budget alerts

and the behaviors of budget alerts in this lesson i will be doing a demo to

in this lesson i will be doing a demo to show you committed use discounts and

show you committed use discounts and reservations along with how to create

reservations along with how to create budget alerts

budget alerts and as well how to edit them so with

and as well how to edit them so with that being said let's dive in so now i'm

that being said let's dive in so now i'm going to start off with committed use

going to start off with committed use discounts in order to get there i'm

discounts in order to get there i'm going to find it in compute engine so

going to find it in compute engine so i'm going to simply go up here on the

i'm going to simply go up here on the top left hand corner back to the

top left hand corner back to the navigation menu

navigation menu i'm going to go down to compute engine

i'm going to go down to compute engine and i'm going to go over here to

and i'm going to go over here to committed use discounts

committed use discounts and as we discussed earlier these

and as we discussed earlier these commitments for compute engine are

commitments for compute engine are resource based and as you can see here

resource based and as you can see here we have hardware commitments and

we have hardware commitments and reservations now reservations i will get

reservations now reservations i will get into just a little bit later but with

into just a little bit later but with regards to hardware commitments we're

regards to hardware commitments we're going to get into that right now and as

going to get into that right now and as expected i have no current commitments

expected i have no current commitments so i'm going to go up to purchase

so i'm going to go up to purchase commitment and so i need to start off

commitment and so i need to start off with

with finding a name for this commitment and

finding a name for this commitment and so i'm going to name this commitment

so i'm going to name this commitment demo dash commitment

it's going to ask me for a region i'm going to keep it in us central one with

going to keep it in us central one with the commitment type here is where i can

the commitment type here is where i can select the type of machine that i'm

select the type of machine that i'm looking for so i can go into general

looking for so i can go into general purpose and 1 and 2

purpose and 1 and 2 and 2d e2 as well as memory optimize

and 2d e2 as well as memory optimize and compute optimized and so i'm going

and compute optimized and so i'm going to keep it at general purpose and one

to keep it at general purpose and one again the duration one or three years

again the duration one or three years and we get down to cores i can have as

and we get down to cores i can have as many vcpus as i'd like

many vcpus as i'd like so if i needed 10 i can do that and i'll

so if i needed 10 i can do that and i'll get a pop-up here on the right showing

get a pop-up here on the right showing me the estimated monthly total as well

me the estimated monthly total as well as an hourly rate for this specific vm

as an hourly rate for this specific vm with 10 cores i can also select the

with 10 cores i can also select the duration for three years and as expected

duration for three years and as expected i'll get a higher savings because i'm

i'll get a higher savings because i'm giving a bigger commitment so bring it

giving a bigger commitment so bring it back down to one year and let's put the

back down to one year and let's put the memory up to 64 gigabytes here i can add

memory up to 64 gigabytes here i can add gpus and i have quite a few to choose

gpus and i have quite a few to choose from as well as local ssds and here with

from as well as local ssds and here with the local ssds i can choose as many

the local ssds i can choose as many disks as i'd like as long as it's within

disks as i'd like as long as it's within my quota and each disk size is going to

my quota and each disk size is going to be 375 gigabytes so if you're looking

be 375 gigabytes so if you're looking into committed use discounts and using

into committed use discounts and using local ssds please keep that in mind

local ssds please keep that in mind again the reservation can be added here

again the reservation can be added here and i'll be getting into that in just a

and i'll be getting into that in just a second and now i don't want to actually

second and now i don't want to actually purchase it but i did want to show you

purchase it but i did want to show you exactly what a committed use discount

exactly what a committed use discount would look like and how you would apply

would look like and how you would apply it again here on the right hand side it

it again here on the right hand side it shows me the details of the estimated

shows me the details of the estimated monthly total and the hourly rate so i'm

monthly total and the hourly rate so i'm going to go over here and hit cancel

going to go over here and hit cancel and if i were to have applied it

and if i were to have applied it the commitment would show up here in

the commitment would show up here in this table and give me all the specified

this table and give me all the specified configurations

configurations of that instance right here now touching

of that instance right here now touching on reservations

on reservations reservations is when you reserve the vm

reservations is when you reserve the vm instances you need

instances you need so when the reservation has been placed

so when the reservation has been placed the reservation ensures that those

the reservation ensures that those resources are always available for you

resources are always available for you as some of you might know when you go to

as some of you might know when you go to spin up a new compute engine vm

spin up a new compute engine vm especially when it comes to auto scaling

especially when it comes to auto scaling instance groups the instances can

instance groups the instances can sometimes be delayed or unavailable now

sometimes be delayed or unavailable now the thing with reservations is that a vm

the thing with reservations is that a vm instance can only use a reservation if

instance can only use a reservation if its properties exactly match the

its properties exactly match the properties of the reservation which is

properties of the reservation which is why it's such a great pairing with

why it's such a great pairing with committed use discounts

committed use discounts so if you're looking to make a

so if you're looking to make a resource-based commitment and you always

resource-based commitment and you always want your instance available you can

want your instance available you can simply create a reservation attach it to

simply create a reservation attach it to the commitment and you will never have

the commitment and you will never have to worry about having the resources to

to worry about having the resources to satisfy your workload as they will

satisfy your workload as they will always be there so again going into

always be there so again going into create reservation it'll show me here

create reservation it'll show me here the name the description i can choose to

the name the description i can choose to use the reservation automatically or

use the reservation automatically or select a specific reservation the region

select a specific reservation the region and zone

and zone number of instances and here i can

number of instances and here i can specify the machine type or specify an

specify the machine type or specify an instance template and again this is

instance template and again this is another use case where if you need

another use case where if you need compute engine instances spun up due to

compute engine instances spun up due to auto scaling this is where reservations

auto scaling this is where reservations would apply so getting back to machine

would apply so getting back to machine type i can choose from vcpus

type i can choose from vcpus as well as the memory i can customize it

as well as the memory i can customize it i can add as many local ssds as my

i can add as many local ssds as my quotas will allow me and i can select my

quotas will allow me and i can select my interface type and i'm going to cancel

interface type and i'm going to cancel out of here now when it comes to

out of here now when it comes to committed use discounts and reservations

committed use discounts and reservations as it pertains to the exam

as it pertains to the exam i have not seen it but since this is an

i have not seen it but since this is an option to save money i wanted to make

option to save money i wanted to make sure that i included it in this lesson

sure that i included it in this lesson as this could be a great option for use

as this could be a great option for use in your environment so now that we

in your environment so now that we covered resource-based committed use

covered resource-based committed use discounts i wanted to move into spend

discounts i wanted to move into spend based commitments and so where you would

based commitments and so where you would find that would be over in billing

find that would be over in billing so again i'm going to go up to the

so again i'm going to go up to the navigation menu in the top left hand

navigation menu in the top left hand corner and go into billing

corner and go into billing now you'd think that you would find it

now you'd think that you would find it here under commitments but only when you

here under commitments but only when you have purchased a commitment will it

have purchased a commitment will it actually show up here but as you can see

actually show up here but as you can see here it's prompting us to go to the

here it's prompting us to go to the billing overview page

billing overview page so going back to the overview page

so going back to the overview page you'll find it

you'll find it down here on the right and so i can now

down here on the right and so i can now purchase a commitment and as we

purchase a commitment and as we discussed before

discussed before a spend based commitment can be used for

a spend based commitment can be used for either cloud sql or for vmware engine

either cloud sql or for vmware engine i select my billing account

i select my billing account the commitment name the period either

the commitment name the period either one year or three years and it also

one year or three years and it also shows me the discount which could help

shows me the discount which could help sway my decision as well as the region

sway my decision as well as the region as well as the hourly on-demand

as well as the hourly on-demand commitment now you're probably wondering

commitment now you're probably wondering what this is

what this is and as explained here this commitment is

and as explained here this commitment is based on the on-demand price

based on the on-demand price and once this is all filled out the

and once this is all filled out the commitment summary will be populated and

commitment summary will be populated and after you agree to all the terms and

after you agree to all the terms and services you can simply hit purchase

services you can simply hit purchase but i'm going to cancel out of here

but i'm going to cancel out of here and so that is an overview for the spend

and so that is an overview for the spend based commitment and again these

based commitment and again these committed use discounts i have not seen

committed use discounts i have not seen on the exam

on the exam but i do think that it's good to know

but i do think that it's good to know for your day-to-day environment if

for your day-to-day environment if you're looking to save money and really

you're looking to save money and really break down costs

break down costs so now that i've covered committed use

so now that i've covered committed use discounts and reservations

discounts and reservations i wanted to move over to budgets and

i wanted to move over to budgets and budget alerts and because i'm already on

budget alerts and because i'm already on the billing page all i need to do is go

the billing page all i need to do is go over here to the left hand menu and

over here to the left hand menu and click on budgets and alerts now setting

click on budgets and alerts now setting up a budget for yourself for this course

up a budget for yourself for this course would be a great idea especially for

would be a great idea especially for those who are cost conscious on how much

those who are cost conscious on how much you're spending with regards to your

you're spending with regards to your cloud usage and so we're to go ahead and

cloud usage and so we're to go ahead and create a new budget right now so let's

create a new budget right now so let's go up here to the top to create budget

go up here to the top to create budget and i'm going to be brought to a new

and i'm going to be brought to a new window where i can put in the name of

window where i can put in the name of the budget and i'm going to call this

the budget and i'm going to call this ace

ace dash budget and because i want to

dash budget and because i want to monitor all projects and all products

monitor all projects and all products i'm going to leave this as is but if you

i'm going to leave this as is but if you did have multiple projects you could get

did have multiple projects you could get a little bit more granular and the same

a little bit more granular and the same thing with products

so i'm going to go ahead and leave it as is and just click on next now under

is and just click on next now under budget type

budget type i can select from either a specified

i can select from either a specified amount or the last month's spend and so

amount or the last month's spend and so for this demo i'm going to keep it at

for this demo i'm going to keep it at specified amount

specified amount and because i want to be really

and because i want to be really conscious about how much i spend in this

conscious about how much i spend in this course i'm going to put in 10

course i'm going to put in 10 for my target amount i'm going to

for my target amount i'm going to include the credits and cost and then

include the credits and cost and then i'm going to click on next now these

i'm going to click on next now these threshold rules are where billing

threshold rules are where billing administrators will be emailed when a

administrators will be emailed when a certain percent of the budget is hit

certain percent of the budget is hit so if my spend happens to hit five

so if my spend happens to hit five dollars

dollars because i am a billing administrator i

because i am a billing administrator i will be sent an email telling me that my

will be sent an email telling me that my spend has hit five dollars i also have

spend has hit five dollars i also have the option of changing these percentages

the option of changing these percentages so if i decided to change it to forty

so if i decided to change it to forty percent

percent now my amount goes to four dollars and

now my amount goes to four dollars and this is done automatically so no need to

this is done automatically so no need to do any calculations

do any calculations but i'm going to keep this here at 50

but i'm going to keep this here at 50 percent

percent and vice versa if i wanted to change the

and vice versa if i wanted to change the amount

amount the percentage of budget will actually

the percentage of budget will actually change now with the trigger i actually

change now with the trigger i actually have the option of selecting forecasted

have the option of selecting forecasted or actual and so i'm going to keep it on

or actual and so i'm going to keep it on actual and if i want i can add more

actual and if i want i can add more threshold rules now i'm going to leave

threshold rules now i'm going to leave everything as is and just click on

everything as is and just click on finish

finish and now as you can see here i have a

and now as you can see here i have a budget name of ace budget now because

budget name of ace budget now because the budget name doesn't have to be

the budget name doesn't have to be globally unique in your environment you

globally unique in your environment you can name your budget exactly the same

can name your budget exactly the same and again it'll give me all the specific

and again it'll give me all the specific configurations that i filled out shows

configurations that i filled out shows me how much credits i've used and that's

me how much credits i've used and that's it and that's how you would create a

it and that's how you would create a budget alert now if i needed to edit it

budget alert now if i needed to edit it i can always go back to ace budget and

i can always go back to ace budget and here i can edit it but i'm not going to

here i can edit it but i'm not going to touch it and i'm just going to hit

touch it and i'm just going to hit cancel

cancel and so the last thing i wanted to show

and so the last thing i wanted to show you before we end this lesson is how to

you before we end this lesson is how to create another budget but being able to

create another budget but being able to send out the trigger alert emails to

send out the trigger alert emails to different users

different users and so in order to do that i'm going to

and so in order to do that i'm going to go back up here to create budget i'm

go back up here to create budget i'm going to name this to ace dash

going to name this to ace dash budget

budget dash

dash users i'm going to leave the rest as is

users i'm going to leave the rest as is i'm going to click on next again i'm

i'm going to click on next again i'm going to leave the budget type the way

going to leave the budget type the way it is the target amount i'm going to put

it is the target amount i'm going to put ten dollars

ten dollars leave the include credits and cost and

leave the include credits and cost and just click on next

just click on next and so here i'm going to leave the

and so here i'm going to leave the threshold rules the way they are and

threshold rules the way they are and right here under manage notifications

right here under manage notifications i'm going to click off link monitoring

i'm going to click off link monitoring email notification channels to this

email notification channels to this budget now because the email

budget now because the email notification channel needs cloud

notification channel needs cloud monitoring in order to work i am

monitoring in order to work i am prompted here to select a workspace

prompted here to select a workspace which is needed by cloud monitoring so

which is needed by cloud monitoring so because i have none i'm going to go

because i have none i'm going to go ahead and create one and so clicking on

ahead and create one and so clicking on managing monitoring workspaces will

managing monitoring workspaces will bring you to the documentation but in

bring you to the documentation but in order for me to get a workspace created

order for me to get a workspace created i need to go to cloud monitoring now

i need to go to cloud monitoring now workspace is the top level container

workspace is the top level container that is used to organize and control

that is used to organize and control access to your monitoring notification

access to your monitoring notification channels in order for your notification

channels in order for your notification channels to work they must belong to a

channels to work they must belong to a monitoring workspace so you need to

monitoring workspace so you need to create at least one workspace before

create at least one workspace before adding monitoring

adding monitoring notification channels and don't worry

notification channels and don't worry we'll be getting into greater depth with

we'll be getting into greater depth with regards to monitoring in a later section

regards to monitoring in a later section in this course so i'm going to go ahead

in this course so i'm going to go ahead and cancel this

and cancel this and i'm going to go up to the navigation

and i'm going to go up to the navigation menu

menu click on there

click on there and scroll down to monitoring

and then overview and this may take a minute to start up

minute to start up as the apis are being enabled and the

as the apis are being enabled and the default workspace for cloud monitoring

default workspace for cloud monitoring is being built

is being built okay and now that the monitoring api has

okay and now that the monitoring api has been enabled we are now in monitoring

been enabled we are now in monitoring the workspace that was created is my

the workspace that was created is my first project so now that we have our

first project so now that we have our monitoring workspace created i need to

monitoring workspace created i need to add the emails to the users that i want

add the emails to the users that i want the alerts to be sent out to and added

the alerts to be sent out to and added to the notification channel so in order

to the notification channel so in order to do that i'm going to go over here to

to do that i'm going to go over here to alerting and up here at the top i'm

alerting and up here at the top i'm going to click on edit notification

going to click on edit notification channels

channels and here as you can see are many

and here as you can see are many notification channels that you can

notification channels that you can enable by simply clicking on add new

enable by simply clicking on add new over here on the right so now what i'm

over here on the right so now what i'm looking for is under email i'm going to

looking for is under email i'm going to click on add new now here i can add the

click on add new now here i can add the new email address and so for me i'm

new email address and so for me i'm going to add antony

going to add antony at antonyt.com

at antonyt.com and you can add whatever email address

and you can add whatever email address you'd like

you'd like and under display name i'm going to add

and under display name i'm going to add billing admin

billing admin notification

and just click on save and as you can see my email has been

and as you can see my email has been added to the notification channel and so

added to the notification channel and so this is all i needed to do in order to

this is all i needed to do in order to move on to the next step and so now that

move on to the next step and so now that i've covered creating my monitoring

i've covered creating my monitoring workspace as well as adding another

workspace as well as adding another email to my email notification channels

email to my email notification channels i can now go back to billing and finish

i can now go back to billing and finish off my budget alert

create budget and we're gonna go through the same

and we're gonna go through the same steps

steps call this billing

call this billing alert

leave everything else as is and click on next

next i'm just going to change the target

i'm just going to change the target amount to 10

amount to 10 click on next

click on next i'm going to leave everything here as is

i'm going to leave everything here as is and i'm going to go back to click on

and i'm going to go back to click on link monitoring email notification

link monitoring email notification channels to this budget now if you

channels to this budget now if you notice when i click on select workspace

notice when i click on select workspace my first project shows up and here it

my first project shows up and here it will ask me for my notification channels

will ask me for my notification channels and because i've already set it up i can

and because i've already set it up i can simply click on it and you'll see the

simply click on it and you'll see the billing admin notification channel

billing admin notification channel and so if i didn't have this set up i

and so if i didn't have this set up i can always go to manage notification

can always go to manage notification channels and it'll bring me back to the

channels and it'll bring me back to the screen which you saw earlier

screen which you saw earlier and so now that that's set up i can

and so now that that's set up i can simply click on finish

simply click on finish and so now that i have a

and so now that i have a regular budget alert i also have another

regular budget alert i also have another budget alert that can go to a different

budget alert that can go to a different email so if you have a project manager

email so if you have a project manager or a director that you want to send

or a director that you want to send budget alerts to this is how you would

budget alerts to this is how you would do it and so that about covers this demo

do it and so that about covers this demo on committed use discounts reservations

on committed use discounts reservations budgets and budget alerts and so that's

budgets and budget alerts and so that's all i wanted to cover for this lesson

all i wanted to cover for this lesson so you can now mark this lesson as

so you can now mark this lesson as complete

complete and let's move on to the next one

and let's move on to the next one [Music]

[Music] welcome back

welcome back in this short lesson i will be covering

in this short lesson i will be covering the exporting of your billing data so

the exporting of your billing data so that you're able to analyze that data

that you're able to analyze that data and understand your spend at a more

and understand your spend at a more granular level

granular level i will also be going through a short

i will also be going through a short demo where i will show you how to enable

demo where i will show you how to enable the export billing feature and bring it

the export billing feature and bring it into bigquery to be analyzed

into bigquery to be analyzed now cloud billing export to bigquery

now cloud billing export to bigquery enables you to export granular google

enables you to export granular google cloud billing data such as usage

cloud billing data such as usage cost details and pricing data

cost details and pricing data automatically to a bigquery data set

automatically to a bigquery data set that you specify then you can access

that you specify then you can access your cloud billing data from bigquery

your cloud billing data from bigquery for detailed analysis

for detailed analysis or use a tool like data studio to

or use a tool like data studio to visualize your data just a quick note

visualize your data just a quick note here that billing export is not

here that billing export is not retroactive and this should be taken

retroactive and this should be taken into consideration when planning for

into consideration when planning for analysis on this data and so there are

analysis on this data and so there are two types of cloud billing data that you

two types of cloud billing data that you can export

can export there's the daily cost detail data

there's the daily cost detail data and the pricing data and these can be

and the pricing data and these can be selected right within the console

selected right within the console depending on your use case and so now

depending on your use case and so now that we've gone through exactly what

that we've gone through exactly what billing export is i wanted to get into a

billing export is i wanted to get into a demo and show you how to export your

demo and show you how to export your cloud billing data to bigquery and go

cloud billing data to bigquery and go through all the necessary steps to get

through all the necessary steps to get it enabled so when you're ready join me

it enabled so when you're ready join me in the console and so here we are back

in the console and so here we are back in the console and so in order to enable

in the console and so in order to enable billing export i'm going to be going to

billing export i'm going to be going to the billing page so i'm going to move up

the billing page so i'm going to move up to the top left hand corner to the

to the top left hand corner to the navigation menu

navigation menu and click on billing

and click on billing here in the left hand menu you'll see

here in the left hand menu you'll see billing export and you can just click on

billing export and you can just click on there

there and so for those just coming to billing

and so for those just coming to billing export for the first time there's a

export for the first time there's a quick summary of exactly what the

quick summary of exactly what the bigquery export is used for and as we

bigquery export is used for and as we discussed earlier there is an option for

discussed earlier there is an option for the daily cost detail and for pricing

the daily cost detail and for pricing and i'm going to use the daily cost

and i'm going to use the daily cost detail in this demo and export that data

detail in this demo and export that data to bigquery so the first step i'm going

to bigquery so the first step i'm going to do

to do is to click on edit settings and it's

is to click on edit settings and it's going to bring me to a new page where it

going to bring me to a new page where it will ask me for my project and this is

will ask me for my project and this is where my billing data is going to be

where my billing data is going to be stored but as you can see here i'm

stored but as you can see here i'm getting a prompt that says you need to

getting a prompt that says you need to create a bigquery data set first now the

create a bigquery data set first now the bigquery data set that is asking for is

bigquery data set that is asking for is where the billing data is going to be

where the billing data is going to be stored so in order to move forward with

stored so in order to move forward with my billing export i need to go to

my billing export i need to go to bigquery and set up a data set so i'm

bigquery and set up a data set so i'm going to simply click on this button

going to simply click on this button here that says go to bigquery

and it's going to bring me to the bigquery page where i'll be prompted

bigquery page where i'll be prompted with a big welcome note you can just

with a big welcome note you can just click on done and over here in the right

click on done and over here in the right hand side where it says create data set

hand side where it says create data set i'm just going to click on there and i'm

i'm just going to click on there and i'm going to create my new data set and so

going to create my new data set and so for my data set id i'm going to call

for my data set id i'm going to call this

this billing

billing export

export and just as a note with the data set id

and just as a note with the data set id you can't use any characters like

you can't use any characters like hyphens commas or periods and therefore

hyphens commas or periods and therefore i capitalize the b and the e now with

i capitalize the b and the e now with the data location the default location

the data location the default location is the us multi region but i can simply

is the us multi region but i can simply click on the drop down and have an

click on the drop down and have an option to store my data in a different

option to store my data in a different location

location but i'm going to keep it at default i

but i'm going to keep it at default i have the option of expiring this table

have the option of expiring this table in either a certain amount of days or to

in either a certain amount of days or to never expire as well when it comes to

never expire as well when it comes to encryption i'm going to leave it as

encryption i'm going to leave it as google manage key as opposed to a

google manage key as opposed to a customer manage key and i'll get into

customer manage key and i'll get into encryption and key management a little

encryption and key management a little later on in this course i'm going to go

later on in this course i'm going to go ahead and move right down to the bottom

ahead and move right down to the bottom and click on create data set

and click on create data set and now my data set has been created i

and now my data set has been created i can now see it over here on the left

can now see it over here on the left hand side menu where subtle poet 28400

hand side menu where subtle poet 28400 is the id for my project if i simply

is the id for my project if i simply click on the arrow beside it it'll show

click on the arrow beside it it'll show my billing export data set because

my billing export data set because there's nothing in it nothing is showing

there's nothing in it nothing is showing and so now that the data set is set up i

and so now that the data set is set up i can now go back to the billing export

can now go back to the billing export page and finish setting up my billing

page and finish setting up my billing export so with that being said i'm going

export so with that being said i'm going to go back up to the navigation menu

to go back up to the navigation menu head over to billing

head over to billing and go to billing export under daily

and go to billing export under daily cost detail i'm going to click on edit

cost detail i'm going to click on edit settings and because i have a data set

settings and because i have a data set already set up and since it's the only

already set up and since it's the only one it has been propagated in my billing

one it has been propagated in my billing export data set field if i had more data

export data set field if i had more data sets then i would be able to select them

sets then i would be able to select them here as well so i'm going to leave the

here as well so i'm going to leave the data set at billing export

data set at billing export and simply click on save

and simply click on save and so now that billing export has been

and so now that billing export has been enabled i'll be able to check on my

enabled i'll be able to check on my billing as it is updated each day as it

billing as it is updated each day as it says here and to go right to the data

says here and to go right to the data set i can simply click on this hot link

set i can simply click on this hot link and it'll bring me right to bigquery and

and it'll bring me right to bigquery and so there is one last step that still

so there is one last step that still needs to be done to enable the billing

needs to be done to enable the billing export to work and that is to enable the

export to work and that is to enable the bigquery data transfer service api so in

bigquery data transfer service api so in order to do that we need to go back to

order to do that we need to go back to the navigation menu

the navigation menu go into apis and services

go into apis and services into the dashboard

into the dashboard and now i'm going to do a search for the

and now i'm going to do a search for the bigquery data transfer service and i'm

bigquery data transfer service and i'm going to simply go up here to the top

going to simply go up here to the top search bar

search bar and simply type in bigquery

and simply type in bigquery and here it is bigquery data transfer

and here it is bigquery data transfer api i'm going to simply click on that

api i'm going to simply click on that and hit enable

and hit enable and this might take a minute and you may

and this might take a minute and you may be asked to create credentials over here

be asked to create credentials over here on the top right and you can simply

on the top right and you can simply ignore that as they are not currently

ignore that as they are not currently needed and so now that the bigquery data

needed and so now that the bigquery data transfer service api has been enabled

transfer service api has been enabled i'm now able to go over to bigquery and

i'm now able to go over to bigquery and take a look at my billing export data

take a look at my billing export data without any issues now it's going to

without any issues now it's going to take time to propagate but by the time i

take time to propagate but by the time i come here tomorrow the data will be

come here tomorrow the data will be fully propagated and i'll be able to

fully propagated and i'll be able to query the data as i see fit and so

query the data as i see fit and so although this is a short demo this is

although this is a short demo this is necessary to know for the exam

necessary to know for the exam as well being an engineer and looking to

as well being an engineer and looking to query your billing data you will now

query your billing data you will now have the knowledge in order to take the

have the knowledge in order to take the steps necessary that will allow you to

steps necessary that will allow you to do so and so that's all i have for this

do so and so that's all i have for this lesson and demo on export billing data

lesson and demo on export billing data so you can now mark this lesson as

so you can now mark this lesson as complete

complete and let's move on to the next one

welcome back in this hands-on demo i'm going to go

in this hands-on demo i'm going to go over apis in google cloud

over apis in google cloud now the google cloud platform is pretty

now the google cloud platform is pretty much run on apis

much run on apis whether it's in the console or the sdk

whether it's in the console or the sdk under the hood it's hitting the apis now

under the hood it's hitting the apis now some of you may be wondering what is an

some of you may be wondering what is an api

api well this is an acronym standing for

well this is an acronym standing for application programming interface and

application programming interface and it's a standard used amongst the

it's a standard used amongst the programming community in this specific

programming community in this specific context it is the programming interface

context it is the programming interface for google cloud services

for google cloud services and as i said before both the cloud sdk

and as i said before both the cloud sdk and the console are using apis under the

and the console are using apis under the hood and it provides similar

hood and it provides similar functionality now when using the apis

functionality now when using the apis directly it allows you to enable

directly it allows you to enable automation in your workflow by using the

automation in your workflow by using the software libraries that you use for your

software libraries that you use for your favorite programming language now as

favorite programming language now as seen in previous lessons

seen in previous lessons to use a cloud api

to use a cloud api you must enable it first so if i went to

you must enable it first so if i went to compute engine or when i was enabling

compute engine or when i was enabling monitoring

monitoring i had to enable the api so no matter the

i had to enable the api so no matter the service you're requesting here in google

service you're requesting here in google cloud and some of them may be even

cloud and some of them may be even linked together it always has to be

linked together it always has to be enabled in order to use it now getting a

enabled in order to use it now getting a little bit more granular when using an

little bit more granular when using an api you need to have a project so when

api you need to have a project so when you enable the api you enable it for

you enable the api you enable it for your project

your project using the permissions on the project and

using the permissions on the project and permissions on the api to enable it now

permissions on the api to enable it now since this is a demo i want to go over

since this is a demo i want to go over to the navigation menu and go straight

to the navigation menu and go straight into apis and services

into apis and services and so here is the dashboard of the apis

and so here is the dashboard of the apis and services you can see the traffic

and services you can see the traffic here the errors and the latency with

here the errors and the latency with regards to these apis as well up here it

regards to these apis as well up here it has a time frame for the median latency

has a time frame for the median latency that you can select for a more granular

that you can select for a more granular search now when it comes to what is

search now when it comes to what is enabled already you can see list here of

enabled already you can see list here of the apis that are enabled and since we

the apis that are enabled and since we haven't done much there's only a few

haven't done much there's only a few apis that are enabled now this hands-on

apis that are enabled now this hands-on demo is not meant to go into depth with

demo is not meant to go into depth with apis but is merely an overview so that

apis but is merely an overview so that you understand what the apis are used

you understand what the apis are used for in context with google cloud if

for in context with google cloud if you'd like to go more in depth with

you'd like to go more in depth with regards to apis and possibly get

regards to apis and possibly get certified in it the apogee certification

certified in it the apogee certification with its corresponding lessons would be

with its corresponding lessons would be a great way to get a little bit more

a great way to get a little bit more understanding but for this demo we're

understanding but for this demo we're going to stick with this overview and so

going to stick with this overview and so in order to search for more apis that

in order to search for more apis that need to be enabled or if you're looking

need to be enabled or if you're looking for something specific

for something specific you can come up here to enable apis and

you can come up here to enable apis and services

services or you can do a quick search on the

or you can do a quick search on the search bar at the top of the page but

search bar at the top of the page but just as a quick glance i'm going to go

just as a quick glance i'm going to go into enable apis and services and so you

into enable apis and services and so you will be brought to a new page where you

will be brought to a new page where you will see the api library on the left you

will see the api library on the left you will see a menu where the apis are

will see a menu where the apis are categorized and all the apis that are

categorized and all the apis that are available when it comes to google cloud

available when it comes to google cloud and other google services so as you saw

and other google services so as you saw before when i needed to enable the api

before when i needed to enable the api for bigquery

for bigquery i would simply type in bigquery

i would simply type in bigquery and i can go to the api and since the

and i can go to the api and since the api is enabled there's nothing for me to

api is enabled there's nothing for me to do but if i needed to enable it i could

do but if i needed to enable it i could do that right there and just as a quick

do that right there and just as a quick note when going to a service that's

note when going to a service that's available in the console the api

available in the console the api automatically gets enabled when you go

automatically gets enabled when you go and use it for the first time and so

and use it for the first time and so again this is just a quick overview of

again this is just a quick overview of apis and the api library with regards to

apis and the api library with regards to google cloud a short yet important demo

google cloud a short yet important demo to understand the under workings of the

to understand the under workings of the cloud sdk and the console so just

cloud sdk and the console so just remember that when using any service in

remember that when using any service in google cloud

google cloud again you must enable the api in order

again you must enable the api in order to start using it and so that about

to start using it and so that about wraps up this demo for cloud apis so you

wraps up this demo for cloud apis so you can now mark this lesson as complete and

can now mark this lesson as complete and let's move on to the next one

let's move on to the next one [Music]

[Music] welcome back

welcome back in this demo i'll be creating and

in this demo i'll be creating and setting up a new gmail user as an admin

setting up a new gmail user as an admin user for use moving ahead in this course

user for use moving ahead in this course as well as following google's best

as well as following google's best practices we need a user that has lesser

practices we need a user that has lesser privileges than the user account that we

privileges than the user account that we set up previously and i'll be going

set up previously and i'll be going through a full demo to show you how to

through a full demo to show you how to configure it

configure it now in a google cloud setup that uses a

now in a google cloud setup that uses a g suite or cloud identity account a

g suite or cloud identity account a super administrator account is created

super administrator account is created to administer the domain this super

to administer the domain this super admin account has irrevocable

admin account has irrevocable administrative permissions

administrative permissions that should not be used for day-to-day

that should not be used for day-to-day administration this means that no

administration this means that no permissions can be taken away from this

permissions can be taken away from this account and has the power to grant

account and has the power to grant organization admin role

organization admin role or any other role for that matter and

or any other role for that matter and recover accounts at the domain level

recover accounts at the domain level which makes this account extremely

which makes this account extremely powerful now since i do not have a

powerful now since i do not have a domain setup or using a g suite or cloud

domain setup or using a g suite or cloud identity account i don't need to worry

identity account i don't need to worry about a super admin account in this

about a super admin account in this specific environment as gmail accounts

specific environment as gmail accounts are standalone accounts that are meant

are standalone accounts that are meant to be personal and hold no organization

to be personal and hold no organization and usually start at the project level

and usually start at the project level and so to explain it in a bit more

and so to explain it in a bit more detail

detail i have a diagram here showing the two

i have a diagram here showing the two different accounts i will be using

different accounts i will be using and the structure behind it

and the structure behind it now as we discussed before billing

now as we discussed before billing accounts have the option of paying for

accounts have the option of paying for projects in a different organization so

projects in a different organization so when creating new projects using the two

when creating new projects using the two different gmail accounts they were

different gmail accounts they were created without any organization and so

created without any organization and so each account is standalone and can

each account is standalone and can create their own projects now what makes

create their own projects now what makes them different is that the antony gcloud

them different is that the antony gcloud ace account owns the billing account and

ace account owns the billing account and is set as a billing account

is set as a billing account administrator and the tony bowtie ace

administrator and the tony bowtie ace account is a billing account user that

account is a billing account user that is able to link projects to that billing

is able to link projects to that billing account but does not hold full access to

account but does not hold full access to billing

billing so in the spirit of sticking to the

so in the spirit of sticking to the principle of lease privilege

principle of lease privilege i will be using the tony bowtie ace

i will be using the tony bowtie ace account that i had created earlier with

account that i had created earlier with lesser privileges on billing it will

lesser privileges on billing it will still give me all the permissions i need

still give me all the permissions i need to create edit and delete resources

to create edit and delete resources without all the powerful permissions

without all the powerful permissions needed for billing i will be assigning

needed for billing i will be assigning this new gmail user the billing account

this new gmail user the billing account user role and it will allow you to

user role and it will allow you to achieve everything you need to build for

achieve everything you need to build for the remainder of the course

the remainder of the course so just as a review i will be using a

so just as a review i will be using a new google account that i have created

new google account that i have created or if you'd like you can use a

or if you'd like you can use a pre-existing google account and as

pre-existing google account and as always i recommend enabling two-step

always i recommend enabling two-step verification on your account

verification on your account as this user will hold some powerful

as this user will hold some powerful permissions to access a ton of different

permissions to access a ton of different resources in google cloud

resources in google cloud so now that we've gone over the details

so now that we've gone over the details of the what and why for setting up this

of the what and why for setting up this second account let's head into the demo

second account let's head into the demo and get things started so whenever

and get things started so whenever you're ready join me over in the console

you're ready join me over in the console and so here i am back in the console and

and so here i am back in the console and so before switching over to my new user

so before switching over to my new user i need to assign the specific roles that

i need to assign the specific roles that i will need for that user which is the

i will need for that user which is the billing account user role so to assign

billing account user role so to assign this role to my new user i need to head

this role to my new user i need to head over to billing so i'm going to go back

over to billing so i'm going to go back up here to the left-hand corner

up here to the left-hand corner and click on the navigation menu

and click on the navigation menu and go to billing

and go to billing again in the left-hand menu i'm going to

again in the left-hand menu i'm going to move down to account management and

move down to account management and click on there and over here under my

click on there and over here under my billing account you will see that i have

billing account you will see that i have permissions assigned to one member of

permissions assigned to one member of the billing account administrator

the billing account administrator and as expected i am seeing anthony g

and as expected i am seeing anthony g cloud ace

cloud ace gmail.com and so i want to add another

gmail.com and so i want to add another member to my billing account so i'm

member to my billing account so i'm going to simply click on add members and

going to simply click on add members and here i will enter in my new second user

here i will enter in my new second user which is tony bowtie ace

which is tony bowtie ace gmail.com

and under select a role i'm going to move down to billing and over to billing

move down to billing and over to billing account user and as you can see here

account user and as you can see here this role billing account user will

this role billing account user will allow permissions to associate projects

allow permissions to associate projects with billing accounts which is exactly

with billing accounts which is exactly what i want to do

what i want to do and so i'm going to simply click on that

and so i'm going to simply click on that and simply click on save

and simply click on save and so now that i've assigned my second

and so now that i've assigned my second user the proper permissions that i

user the proper permissions that i needed i am now going to log out

needed i am now going to log out and log in as my new user by simply

and log in as my new user by simply going up to the right hand corner in the

going up to the right hand corner in the icon clicking on the icon and going to

icon clicking on the icon and going to add account by adding the account i'll

add account by adding the account i'll be able to switch back and forth between

be able to switch back and forth between the different users and i would only

the different users and i would only recommend this if you are the sole user

recommend this if you are the sole user of your computer if you are on a

of your computer if you are on a computer that has multiple users simply

computer that has multiple users simply sign out and sign back in again with

sign out and sign back in again with your different user

your different user and here i'm asked for the email which

and here i'm asked for the email which would be tony bowtie ace

would be tony bowtie ace gmail.com

gmail.com i'm gonna plug in my password

and it's going to ask me for my two-step verification

i'm going to click on yes and i should be in

and because it's my first time logging into google cloud with this user i get a

into google cloud with this user i get a prompt asking me to agree to the terms

prompt asking me to agree to the terms of service i'm going to agree to them

of service i'm going to agree to them and simply click on agree and continue

and simply click on agree and continue and so now i'm going to move back up to

and so now i'm going to move back up to overview and as you can see here i don't

overview and as you can see here i don't have the permissions to view costs for

have the permissions to view costs for this billing account and so all the

this billing account and so all the permissions assigned for the billing

permissions assigned for the billing account administrator which is antony g

account administrator which is antony g cloud ace is not applied to tony bowtie

cloud ace is not applied to tony bowtie ace and therefore things like budgets

ace and therefore things like budgets and alerts even billing exports i do not

and alerts even billing exports i do not have access to

have access to so moving forward in the course if you

so moving forward in the course if you need to access anything in billing that

need to access anything in billing that you currently don't have access to like

you currently don't have access to like budgets and alerts you can simply switch

budgets and alerts you can simply switch over to your other account and take care

over to your other account and take care of any necessary changes but what i do

of any necessary changes but what i do have access to is if i go up here to my

have access to is if i go up here to my billing account click on the drop down

billing account click on the drop down menu and click on manage billing

menu and click on manage billing accounts but as you can see here i do

accounts but as you can see here i do have access to view all the billing

have access to view all the billing accounts along with the projects that

accounts along with the projects that are linked to them now because these

are linked to them now because these gmail accounts are standalone accounts

gmail accounts are standalone accounts this project here that is owned by

this project here that is owned by antony gcloud ace i do not have access

antony gcloud ace i do not have access to in order to access the project i

to in order to access the project i would have to have permissions assigned

would have to have permissions assigned to me directly in order for me to

to me directly in order for me to actually view the project or possibly

actually view the project or possibly creating any resources within that

creating any resources within that project now if i go back to my home page

project now if i go back to my home page i can see here that i have no projects

i can see here that i have no projects available and therefore no resources

available and therefore no resources within my environment and so to kick it

within my environment and so to kick it off i'm going to create a new project

off i'm going to create a new project and so under project name i am going to

and so under project name i am going to call this

call this project tony

project tony and you can name your project whatever

and you can name your project whatever you'd like

you'd like under location i don't have any

under location i don't have any organization

organization and so therefore i'm just going to click

and so therefore i'm just going to click on create

on create and this may take a minute to

and this may take a minute to create and here we are with my first

create and here we are with my first project

project named project tony as well as my

named project tony as well as my notification came up saying that my

notification came up saying that my project has been created and so now that

project has been created and so now that this project has been created it should

this project has been created it should be linked to my billing account so in

be linked to my billing account so in order to verify this i'm going to go

order to verify this i'm going to go over into billing

and under the drop down i'm going to click on manage billing

i'm going to click on manage billing accounts

accounts and as you can see here the number of

and as you can see here the number of projects has gone from one to two and if

projects has gone from one to two and if i click on the menu up here under my

i click on the menu up here under my projects you can see that project tony

projects you can see that project tony is a project that is linked to my

is a project that is linked to my billing account i also have the

billing account i also have the permissions to either disable billing or

permissions to either disable billing or change billing for this specific project

change billing for this specific project yet in order to change billing i will

yet in order to change billing i will have to have another billing account but

have to have another billing account but there are no other billing accounts

there are no other billing accounts available

available and so moving forward i will only have

and so moving forward i will only have this one billing account and so any

this one billing account and so any projects i decide to create will be

projects i decide to create will be linked to this billing account and so

linked to this billing account and so this is a great example of trimming down

this is a great example of trimming down the permissions needed for different

the permissions needed for different users and even though this is not a

users and even though this is not a domain owned account but a personal

domain owned account but a personal account it's always recommended to

account it's always recommended to practice the principle of lease

practice the principle of lease privilege whenever you come across

privilege whenever you come across assigning permissions to any user now as

assigning permissions to any user now as i said before any billing related tasks

i said before any billing related tasks that you decide to do moving forward

that you decide to do moving forward you can simply switch over to your other

you can simply switch over to your other user and do the necessary changes and so

user and do the necessary changes and so that's all i have for this lesson

that's all i have for this lesson so you can now mark this lesson as

so you can now mark this lesson as complete

complete and let's move on to the next one

and let's move on to the next one [Music]

[Music] welcome back

welcome back in this short lesson i'm going to be

in this short lesson i'm going to be covering an overview of the cloud sdk

covering an overview of the cloud sdk and the command line interface as it is

and the command line interface as it is an essential component of interacting

an essential component of interacting with google cloud for the exam you will

with google cloud for the exam you will need to get familiar with the command

need to get familiar with the command line and the commands needed in order to

line and the commands needed in order to create

create modify and delete resources this is also

modify and delete resources this is also an extremely valuable tool for your tool

an extremely valuable tool for your tool belt in the world of being a cloud

belt in the world of being a cloud engineer as i have found that is a very

engineer as i have found that is a very common and easy way to implement small

common and easy way to implement small operations within google cloud as well

operations within google cloud as well as automating the complex ones so what

as automating the complex ones so what exactly is the cloud sdk

exactly is the cloud sdk well the cloud sdk is a set of command

well the cloud sdk is a set of command line tools

line tools that allows you to manage resources

that allows you to manage resources through the terminal in google cloud and

through the terminal in google cloud and includes commands such as gcloud

includes commands such as gcloud gsutil bq and cubectl using these

gsutil bq and cubectl using these commands

commands allow you to manage resources such as

allow you to manage resources such as compute engine

compute engine cloud storage bigquery kubernetes and so

cloud storage bigquery kubernetes and so many other resources these tools can be

many other resources these tools can be run interactively or through automated

run interactively or through automated scripts giving you the power and

scripts giving you the power and flexibility that you need to get the job

flexibility that you need to get the job done the cloud sdk is so powerful that

done the cloud sdk is so powerful that you can do everything that the console

you can do everything that the console can do yet has more options than the

can do yet has more options than the console you can use it for

console you can use it for infrastructure as code autocompletion

infrastructure as code autocompletion helps you finish all of your command

helps you finish all of your command line statements and for those of you who

line statements and for those of you who run windows the cloud sdk has got you

run windows the cloud sdk has got you covered with availability for powershell

covered with availability for powershell now in order to access google cloud

now in order to access google cloud platform you will usually have to

platform you will usually have to authorize google cloud sdk tools so to

authorize google cloud sdk tools so to grant authorization to cloud sdk tools

grant authorization to cloud sdk tools you can either use a user account or a

you can either use a user account or a service account now a user account is a

service account now a user account is a google account that allows end users to

google account that allows end users to authenticate directly to your

authenticate directly to your application for most common use cases on

application for most common use cases on a single machine using a user account is

a single machine using a user account is best practice now going the route of a

best practice now going the route of a service account this is a google account

service account this is a google account that is associated with your gcp project

that is associated with your gcp project and not a specific user a service

and not a specific user a service account can be used by providing a

account can be used by providing a service account key to your application

service account key to your application and is recommended to script cloud sdk

and is recommended to script cloud sdk tools for use on multiple machines now

tools for use on multiple machines now having installed the cloud sdk it comes

having installed the cloud sdk it comes with some built-in commands that allow

with some built-in commands that allow you to configure different options using

you to configure different options using gcloud init this initializes and

gcloud init this initializes and authorizes access and performs other

authorizes access and performs other common cloud sdk setup steps using some

common cloud sdk setup steps using some optional commands

optional commands gcloud auth login authorizes your access

gcloud auth login authorizes your access for gcloud with google user credentials

for gcloud with google user credentials and sets the current account as active

and sets the current account as active gcloud config

gcloud config is another optional configuration that

is another optional configuration that allows you to configure accounts and

allows you to configure accounts and projects as well gcloud components

projects as well gcloud components allow you to install

allow you to install update and delete

update and delete optional components of the sdk that give

optional components of the sdk that give you more flexibility with different

you more flexibility with different resources now after having installed the

resources now after having installed the cloud sdk almost all gcloud commands

cloud sdk almost all gcloud commands will follow a specific format shown here

will follow a specific format shown here is an example of this format and is

is an example of this format and is broken down through component

broken down through component entity

entity operation positional arguments and flags

operation positional arguments and flags and i'll be going through some specific

and i'll be going through some specific examples in the demonstration a little

examples in the demonstration a little bit later on and so that's all i wanted

bit later on and so that's all i wanted to cover in this overview of the cloud

to cover in this overview of the cloud sdk and the cli so you can now mark this

sdk and the cli so you can now mark this lesson as complete and you can join me

lesson as complete and you can join me in the next one where i go ahead and

in the next one where i go ahead and demonstrate installing the cloud sdk

demonstrate installing the cloud sdk [Music]

[Music] back in this demonstration i will show

back in this demonstration i will show you how to download install and

you how to download install and configure the cloud sdk and i will be

configure the cloud sdk and i will be using the quick start guide that lies in

using the quick start guide that lies in the cloud sdk documentation which holds

the cloud sdk documentation which holds all the steps for installing the cloud

all the steps for installing the cloud sdk on different operating systems and i

sdk on different operating systems and i will make sure to include it in the

will make sure to include it in the lesson text below this demo will show

lesson text below this demo will show you how to install the cloud sdk

you how to install the cloud sdk on each of the most common operating

on each of the most common operating systems

systems windows

windows mac os and ubuntu linux all you need to

mac os and ubuntu linux all you need to do is follow the process on each of the

do is follow the process on each of the pages and you should be well on your way

pages and you should be well on your way so with that being said let's get this

so with that being said let's get this demo started and bring the cloud sdk to

demo started and bring the cloud sdk to life by getting it all installed and

life by getting it all installed and configured for your specific operating

configured for your specific operating system

system so as i explained before i'm gonna go

so as i explained before i'm gonna go ahead and install the cloud sdk

ahead and install the cloud sdk on each of the three different operating

on each of the three different operating systems

systems windows mac os and ubuntu linux and i

windows mac os and ubuntu linux and i will be installing it with the help of

will be installing it with the help of the quick start guide that you see here

the quick start guide that you see here and as i said before i'll be including

and as i said before i'll be including this link in the lesson text and so to

this link in the lesson text and so to kick off this demo i wanted to start by

kick off this demo i wanted to start by installing the cloud sdk on windows so

installing the cloud sdk on windows so i'm going to move over to my windows

i'm going to move over to my windows virtual machine and i'm going to open up

virtual machine and i'm going to open up a browser and i'm going to paste in the

a browser and i'm going to paste in the link for the quick start guide

link for the quick start guide and you can click on either link for the

and you can click on either link for the quick start for windows and each quick

quick start for windows and each quick start page will give me the instructions

start page will give me the instructions of exactly what i need to do for each

of exactly what i need to do for each operating system so now it says that we

operating system so now it says that we need to have a project created which i

need to have a project created which i did in the last lesson which is project

did in the last lesson which is project tony so next i'm going to download the

tony so next i'm going to download the cloud sdk installer

cloud sdk installer so i'm going to click on there

so i'm going to click on there and i'll see a prompt in the bottom left

and i'll see a prompt in the bottom left hand corner that the installer has been

hand corner that the installer has been downloaded i'm going to click on it to

downloaded i'm going to click on it to open the file and i'm going to be

open the file and i'm going to be prompted to go through this wizard and

prompted to go through this wizard and so i'm just going to click on next

so i'm just going to click on next i'm going to agree to the terms of the

i'm going to agree to the terms of the agreement it's going to be for just me

agreement it's going to be for just me anthony and my destination folder i'll

anthony and my destination folder i'll keep it as is and here's all the

keep it as is and here's all the components that it's going to install

components that it's going to install i'm going to keep the beta commands

i'm going to keep the beta commands unchecked as i don't really need them

unchecked as i don't really need them and if i need them later then i can

and if i need them later then i can install that component for those who are

install that component for those who are more experienced or even a bit curious

more experienced or even a bit curious you could click on the beta commands and

you could click on the beta commands and take it for a test drive but i'm going

take it for a test drive but i'm going to keep it off and i'm going to click

to keep it off and i'm going to click install and depending on the power of

install and depending on the power of your machine

your machine it should take anywhere from two to five

it should take anywhere from two to five minutes to install and the google cloud

minutes to install and the google cloud sdk has been installed and so i'm just

sdk has been installed and so i'm just going to click on next and as shown here

going to click on next and as shown here in the documentation you want to make

in the documentation you want to make sure that you have all your options

sure that you have all your options checked off is to create a start menu

checked off is to create a start menu shortcut a desktop shortcut you want to

shortcut a desktop shortcut you want to start the google cloud sdk shell and

start the google cloud sdk shell and lastly you want to run gcloud init in

lastly you want to run gcloud init in order to initialize and configure the

order to initialize and configure the cloud sdk now i'm going to click on

cloud sdk now i'm going to click on finish to exit the setup and i'm going

finish to exit the setup and i'm going to get a command shell that pops up and

to get a command shell that pops up and i'm just going to zoom in for better

i'm just going to zoom in for better viewing

viewing and so it says here my current

and so it says here my current configuration has been set to default so

configuration has been set to default so when it comes to configuration this is

when it comes to configuration this is all about selecting the active account

all about selecting the active account and so my current active account is

and so my current active account is going to be set as the default account

going to be set as the default account it also needed to do a diagnostic check

it also needed to do a diagnostic check just to make sure that it can connect to

just to make sure that it can connect to the internet so that it's able to verify

the internet so that it's able to verify the account and so now the prompt is

the account and so now the prompt is saying you must log in to continue would

saying you must log in to continue would you like to log in yes

you like to log in yes you can just click on y and then enter

you can just click on y and then enter and it's going to prompt me with a new

and it's going to prompt me with a new browser window where i need to log in

browser window where i need to log in using my current account so that i can

using my current account so that i can authorize the cloud sdk so i'm going to

authorize the cloud sdk so i'm going to log in with my tony bowtie ace account

click on next type in my password

type in my password again it's going to ask me for my

again it's going to ask me for my two-step verification

two-step verification and i'm going to get a prompt saying

and i'm going to get a prompt saying that the google sdk wants to access my

that the google sdk wants to access my google account

google account i'm going to click on allow

i'm going to click on allow and success you are now authenticated

and success you are now authenticated with the google cloud sdk

with the google cloud sdk and if i go back to my terminal i am

and if i go back to my terminal i am prompted to enter some values

prompted to enter some values so that i can properly configure the

so that i can properly configure the google cloud sdk so i'm going to pick a

google cloud sdk so i'm going to pick a cloud project to use

cloud project to use and i'm going to use project tony that i

and i'm going to use project tony that i created earlier so i'm going to enter 1

created earlier so i'm going to enter 1 and hit enter

and hit enter and again whatever project that you've

and again whatever project that you've created use that one for your default

created use that one for your default configuration and it states here that my

configuration and it states here that my current project has been set to project

current project has been set to project tony and again this configuration is

tony and again this configuration is called default

called default so if i have a second configuration that

so if i have a second configuration that i wanted to use i can call it a

i wanted to use i can call it a different configuration but other than

different configuration but other than that my google cloud sdk is configured

that my google cloud sdk is configured and ready to use so just to make sure

and ready to use so just to make sure that it's working i'm going to run a

that it's working i'm going to run a couple commands i'm going to run the

couple commands i'm going to run the gcloud

gcloud help

help command

command and as you can see it's given me a list

and as you can see it's given me a list of a bunch of different commands that i

of a bunch of different commands that i can run and to exit you can just hit

can run and to exit you can just hit ctrl c i'm going to run gcloud

ctrl c i'm going to run gcloud config list

and this will give me my properties in my active configuration

my properties in my active configuration so my account is tony bowtie ace

so my account is tony bowtie ace gmail.com i've disabled usage reporting

gmail.com i've disabled usage reporting and my project is project tony and my

and my project is project tony and my active configuration is set as default

active configuration is set as default now don't worry i'm going to be covering

now don't worry i'm going to be covering all these commands in the next lesson

all these commands in the next lesson and i'm going to be going into detail on

and i'm going to be going into detail on how you can configure and add other

how you can configure and add other users

users within your cloud sdk configuration so

within your cloud sdk configuration so as we go deeper into the course i'm

as we go deeper into the course i'm going to be using a lot more command

going to be using a lot more command line just so you can get familiar with

line just so you can get familiar with the syntax and become a bit more

the syntax and become a bit more comfortable with it so now that i've

comfortable with it so now that i've installed the cloud sdk on windows the

installed the cloud sdk on windows the process will be a little bit different

process will be a little bit different when it comes to installation on the

when it comes to installation on the other operating systems but will be very

other operating systems but will be very similar when it comes to the

similar when it comes to the configuration so now let's head over to

configuration so now let's head over to mac os and install the cloud sdk there

mac os and install the cloud sdk there and so here we are in mac os and so the

and so here we are in mac os and so the first thing i want to do is i want to

first thing i want to do is i want to open up a web browser and i want to go

open up a web browser and i want to go to the cloud sdk quick start page so i'm

to the cloud sdk quick start page so i'm just going to paste in the url here

just going to paste in the url here and we're looking for the quick start

and we're looking for the quick start for mac os and so you can either click

for mac os and so you can either click on the menu from the left hand side or

on the menu from the left hand side or the menu here on the main page

the menu here on the main page and so like i said before

and so like i said before this installation is going to be a

this installation is going to be a little bit different than what it was in

little bit different than what it was in windows and so there's a few steps here

windows and so there's a few steps here to follow and so the first step asks us

to follow and so the first step asks us if we have a project already created

if we have a project already created which we've already done and is project

which we've already done and is project tony and so the next step tells us that

tony and so the next step tells us that the cloud sdk

the cloud sdk requires python and so we want to check

requires python and so we want to check our system to see if we have a supported

our system to see if we have a supported version so in order to check our version

version so in order to check our version we're going to use this command here

we're going to use this command here python minus v

python minus v and i'm going to copy that to my

and i'm going to copy that to my clipboard

clipboard and then open up a terminal and i'm

and then open up a terminal and i'm going to zoom in for better viewing and

going to zoom in for better viewing and so i'm going to paste the command in

so i'm going to paste the command in here

here and simply click on enter and as you can

and simply click on enter and as you can see here i'm running python 2.7

see here i'm running python 2.7 but the starred note here says that the

but the starred note here says that the cloud sdk will soon move to python 3 and

cloud sdk will soon move to python 3 and so in order to avoid having to upgrade

so in order to avoid having to upgrade later you'd want to check your version

later you'd want to check your version for python 3 and so you can use a

for python 3 and so you can use a similar command by typing in python 3

similar command by typing in python 3 space minus capital v

space minus capital v and as you can see i'm running version

and as you can see i'm running version 3.7.3

3.7.3 and so moving back to the guide i can

and so moving back to the guide i can see here that it is a supportive version

see here that it is a supportive version if you do not have a supportive version

if you do not have a supportive version i will include a link on how to upgrade

i will include a link on how to upgrade your version

your version in the lesson text below and so now that

in the lesson text below and so now that i've finished off this step let's move

i've finished off this step let's move on to the next one

on to the next one where i can download the archive file

where i can download the archive file for the google cloud sdk again most

for the google cloud sdk again most machines will run the 64-bit package so

machines will run the 64-bit package so if you do have the latest operating

if you do have the latest operating system for mac os

system for mac os you should be good to go so i'm going to

you should be good to go so i'm going to click on this package

click on this package and it'll start downloading for me and

and it'll start downloading for me and once it's finished you can click on

once it's finished you can click on downloads and click on the file itself

downloads and click on the file itself and it should extract itself in the same

and it should extract itself in the same folder with all the files and folders

folder with all the files and folders within it and so just as another quick

within it and so just as another quick note google prefers that you keep the

note google prefers that you keep the google cloud sdk in your home directory

google cloud sdk in your home directory and so following the guide i'm going to

and so following the guide i'm going to do exactly that and so the easiest way

do exactly that and so the easiest way to move the folder into your home

to move the folder into your home directory is to simply drag and drop it

directory is to simply drag and drop it into the home folder

into the home folder on the left hand menu it should be

on the left hand menu it should be marked with a little house icon and

marked with a little house icon and nested under favorites i can now move

nested under favorites i can now move into my home folder and confirm that it

into my home folder and confirm that it is indeed in here and so now moving to

is indeed in here and so now moving to the last step which shows as optional

the last step which shows as optional the guide asks us to install a script to

the guide asks us to install a script to add cloud sdk tools to our path now i

add cloud sdk tools to our path now i highly recommend that you install this

highly recommend that you install this script so that you can add the tools for

script so that you can add the tools for command completion and i will get into

command completion and i will get into command completion a little bit later on

command completion a little bit later on in the next couple of lessons and so

in the next couple of lessons and so here is the command that i need to run

here is the command that i need to run so i'm going to copy that to my

so i'm going to copy that to my clipboard again and i'm going to move

clipboard again and i'm going to move back over to my terminal i'm going to

back over to my terminal i'm going to clear my screen and so to make sure i'm

clear my screen and so to make sure i'm in my home directory where the cloud sdk

in my home directory where the cloud sdk folder is i'm going to simply type ls

folder is i'm going to simply type ls and so for those who don't know

and so for those who don't know ls is a linux command that will list all

ls is a linux command that will list all your files and folders in your current

your files and folders in your current path and as you can see here the google

path and as you can see here the google cloud sdk is in my path and therefore i

cloud sdk is in my path and therefore i can run that script so i'm going to

can run that script so i'm going to paste it in here

paste it in here and i'm going to hit enter

and i'm going to hit enter and so a prompt comes up asking me

and so a prompt comes up asking me whether or not i want to disable usage

whether or not i want to disable usage reporting and because i want to help

reporting and because i want to help improve the google cloud sdk i'm going

improve the google cloud sdk i'm going to type in y for yes and hit enter and

to type in y for yes and hit enter and so as i was explaining before

so as i was explaining before the cloud sdk tools will be installed in

the cloud sdk tools will be installed in my path and so this is the step that

my path and so this is the step that takes care of it and so i'm going to

takes care of it and so i'm going to type y

type y and enter

and enter for yes to continue and usually the path

for yes to continue and usually the path that comes up is the right one unless

that comes up is the right one unless you've changed it otherwise so i'm going

you've changed it otherwise so i'm going to leave this blank and just hit enter

to leave this blank and just hit enter and that's it i've installed the tools

and that's it i've installed the tools so now in order for me to run gcloud

so now in order for me to run gcloud init i have to start a new shell as it

init i have to start a new shell as it says here for the changes to take effect

says here for the changes to take effect so i'm going to go up here to the top

so i'm going to go up here to the top left hand menu click on terminal and

left hand menu click on terminal and quit terminal and so now i can restart

quit terminal and so now i can restart the terminal

the terminal again i'm going to zoom in for better

again i'm going to zoom in for better viewing

viewing and now i'm able to run gcloud init in

and now i'm able to run gcloud init in order to initialize the installation

again the prompt to do the diagnostic tests and i can see i have no network

tests and i can see i have no network issues but it shows me that i have to

issues but it shows me that i have to login to continue i would like to log in

so i'm going to type y for yes and hit enter

and so a new browser has popped open prompting me to enter my email and

prompting me to enter my email and password and so i'm going to do that now

i'm going to authorize my account with two-step verification

i'm not going to save this password and yes i want to allow the google cloud sdk

yes i want to allow the google cloud sdk to access my google account

to access my google account so i'm going to click on allow

and it shows that i've been authenticated so now i'm going to move

authenticated so now i'm going to move back to my terminal and so just as a

back to my terminal and so just as a note before we move forward in case you

note before we move forward in case you don't get a browser pop-up for you to

don't get a browser pop-up for you to log into your google account you can

log into your google account you can simply highlight this url copy it into

simply highlight this url copy it into your browser and it should prompt you

your browser and it should prompt you just the same so moving right ahead it

just the same so moving right ahead it shows that i'm logged in as

shows that i'm logged in as tonybowtieace

tonybowtieace gmail.com which is exactly what i wanted

gmail.com which is exactly what i wanted and it's asking me to pick a cloud

and it's asking me to pick a cloud project to use now i want to use project

project to use now i want to use project tony so i'm going to type in 1 and enter

tony so i'm going to type in 1 and enter and that's it the cloud sdk has been

and that's it the cloud sdk has been configured and just to double check i'm

configured and just to double check i'm going to run the gcloud

going to run the gcloud config list command to show me my

config list command to show me my configuration and as you can see here my

configuration and as you can see here my account is tonybowties

account is tonybowties gmail.com my disable usage reporting is

gmail.com my disable usage reporting is equal to false

equal to false and my project is project tony and again

and my project is project tony and again my active configuration is set as

my active configuration is set as default and so that about covers the

default and so that about covers the cloud sdk install for mac os and so

cloud sdk install for mac os and so finally i'm going to move over to ubuntu

finally i'm going to move over to ubuntu linux and configure the cloud sdk there

linux and configure the cloud sdk there and so here we are in ubuntu and like i

and so here we are in ubuntu and like i did in the other operating systems i'm

did in the other operating systems i'm going to open up the browser and i'm

going to open up the browser and i'm going to paste in the url for the quick

going to paste in the url for the quick start guide

start guide and so we want to click on the quick

and so we want to click on the quick start for debian and ubuntu and so again

start for debian and ubuntu and so again you have your choice from either

you have your choice from either clicking on the link on the left hand

clicking on the link on the left hand menu or the one here in the main menu

menu or the one here in the main menu and so following the guide

and so following the guide it is telling us that when it comes to

it is telling us that when it comes to an ubuntu release it is recommended that

an ubuntu release it is recommended that the sdk should be installed on an ubuntu

the sdk should be installed on an ubuntu release that has not reached end of life

release that has not reached end of life the guide also asks to create a project

the guide also asks to create a project if we don't have one already which we

if we don't have one already which we have already done

have already done and so now we can continue on with the

and so now we can continue on with the steps and so since we are not installing

steps and so since we are not installing it inside a docker image we're gonna go

it inside a docker image we're gonna go ahead and use the commands right here

ahead and use the commands right here now you can copy all the commands at

now you can copy all the commands at once

once by copying this to the clipboard but my

by copying this to the clipboard but my recommendation is to install each one

recommendation is to install each one one by one so i'm going to copy this

one by one so i'm going to copy this and i'm going to open up my terminal i'm

and i'm going to open up my terminal i'm going to zoom in for better viewing and

going to zoom in for better viewing and i'm going to paste that command in and

i'm going to paste that command in and click on enter it's going to prompt me

click on enter it's going to prompt me for my password

for my password and it didn't come up with any errors so

and it didn't come up with any errors so that means it was successfully executed

that means it was successfully executed and so i'm going to move on to the next

and so i'm going to move on to the next command

command i'm going to copy this

i'm going to copy this go back over to my terminal

go back over to my terminal and paste it in

and paste it in now for those of you who do not have

now for those of you who do not have curl installed you will be prompted to

curl installed you will be prompted to install it and given the command to run

install it and given the command to run it so i'm going to copy and paste this

it so i'm going to copy and paste this command

command and click on enter

and click on enter i'm going to type in y for yes to

i'm going to type in y for yes to continue and it's going to install it

continue and it's going to install it after a couple of minutes okay now that

after a couple of minutes okay now that curl has been installed i'm able to run

curl has been installed i'm able to run that command again i'm going to clear

that command again i'm going to clear the screen first

the screen first and that executed with no errors as well

and that executed with no errors as well and so now moving on to the last command

and so now moving on to the last command this command will download and install

this command will download and install the google cloud sdk

i am prompted to install some packages and so i'm going to type y for yes to

and so i'm going to type y for yes to continue so now it's going to download

continue so now it's going to download and install the necessary packages

and install the necessary packages needed for the google cloud sdk and

needed for the google cloud sdk and depending on the speed of your internet

depending on the speed of your internet and the speed of your machine this could

and the speed of your machine this could take anywhere from two to five minutes

take anywhere from two to five minutes okay and the google cloud sdk has been

okay and the google cloud sdk has been installed

installed and so now that the cloud sdk has been

and so now that the cloud sdk has been installed we can now initialize the

installed we can now initialize the configuration

configuration so i'm going to type in gcloud init

again the prompt with the network diagnostics i'm going to type y for yes

diagnostics i'm going to type y for yes to log in

to log in and i'm going to get the prompt for my

and i'm going to get the prompt for my email and password

i'm going to take care of my two-step verification and i'm going to allow the

verification and i'm going to allow the google cloud sdk to access my google

google cloud sdk to access my google account and success i am now

account and success i am now authenticated and moving back to the

authenticated and moving back to the terminal just to verify it and again i'm

terminal just to verify it and again i'm going to pick project tony as the cloud

going to pick project tony as the cloud project to use

project to use and the cloud sdk has been configured as

and the cloud sdk has been configured as always i'm going to do a double check by

always i'm going to do a double check by running a gcloud config list

and as expected the same details has come up and so this is a quick run

come up and so this is a quick run through on all three operating systems

through on all three operating systems windows mac os and ubuntu linux on how

windows mac os and ubuntu linux on how to install the google cloud sdk and this

to install the google cloud sdk and this will help you get started with becoming

will help you get started with becoming more familiar and more comfortable using

more familiar and more comfortable using the command line interface and so that

the command line interface and so that about wraps up for this lesson

about wraps up for this lesson so you can now mark this lesson as

so you can now mark this lesson as complete

complete and let's move on to the next one

and let's move on to the next one [Music]

[Music] welcome back in the last demo we went

welcome back in the last demo we went through a complete install of the cloud

through a complete install of the cloud sdk

sdk and configured our admin account to be

and configured our admin account to be used within it in this demonstration i

used within it in this demonstration i will be walking through how to manage

will be walking through how to manage the cloud sdk and this will involve how

the cloud sdk and this will involve how to utilize it and how to customize it to

to utilize it and how to customize it to your environment as well as configuring

your environment as well as configuring our other user account so that we are

our other user account so that we are able to apply switching configurations

able to apply switching configurations from one user to another and so i will

from one user to another and so i will be going through initializing and

be going through initializing and authorization

authorization configurations and properties installing

configurations and properties installing and removing components as well as a

and removing components as well as a full run through of the gcloud

full run through of the gcloud interactive shell so let's kick off this

interactive shell so let's kick off this demo by diving into a pre-configured

demo by diving into a pre-configured terminal with the sdk installed and

terminal with the sdk installed and configured with my second user tony

configured with my second user tony bowtie ace gmail.com

bowtie ace gmail.com and so here i am in the mac os terminal

and so here i am in the mac os terminal and just be aware that it doesn't matter

and just be aware that it doesn't matter which operating system you're running as

which operating system you're running as long as the sdk is installed and you

long as the sdk is installed and you have your user configured and so as you

have your user configured and so as you saw in the last lesson after you install

saw in the last lesson after you install the cloud sdk the next step is typically

the cloud sdk the next step is typically to initialize the cloud sdk

to initialize the cloud sdk by running the gcloud init command and

by running the gcloud init command and this is to perform the initial setup

this is to perform the initial setup tasks as well as authorizing the cloud

tasks as well as authorizing the cloud sdk to use your user account credentials

sdk to use your user account credentials so that it can access google cloud and

so that it can access google cloud and so in short it sets up a cloud sdk

so in short it sets up a cloud sdk configuration and sets a base set of

configuration and sets a base set of properties and this usually covers the

properties and this usually covers the active account the current project and

active account the current project and if the api is enabled the default google

if the api is enabled the default google compute engine region and zone now as a

compute engine region and zone now as a note if you're in a remote terminal

note if you're in a remote terminal session with no access to a browser you

session with no access to a browser you can still run the gcloud init command

can still run the gcloud init command but adding a flag of dash dash console

but adding a flag of dash dash console dash only

dash only and this will prevent the command from

and this will prevent the command from launching a browser-based authorization

launching a browser-based authorization like you saw when setting up your last

like you saw when setting up your last user so now even though i have a user

user so now even though i have a user already set up i can still run gcloud

already set up i can still run gcloud init and it will give me a couple

init and it will give me a couple different options to choose from so i

different options to choose from so i can re-initialize this configuration

can re-initialize this configuration with some new settings or i can create a

with some new settings or i can create a new configuration now for this demo

new configuration now for this demo since we already have two users and to

since we already have two users and to demonstrate how to switch between

demonstrate how to switch between different users i want to create a new

different users i want to create a new configuration with my very first user so

configuration with my very first user so i'm going to type in 2 and hit enter and

i'm going to type in 2 and hit enter and it's going to ask me for a configuration

it's going to ask me for a configuration name now it asks me for a configuration

name now it asks me for a configuration name because when setting up your first

name because when setting up your first configuration it's set as default and

configuration it's set as default and because i know that this user account

because i know that this user account has full access to billing as well as

has full access to billing as well as administration privileges i'm going to

administration privileges i'm going to call this configuration master and i'm

call this configuration master and i'm going to hit enter

going to hit enter it did the necessary network checks and

it did the necessary network checks and now it's asking me for which account i

now it's asking me for which account i want to use this configuration for now

want to use this configuration for now if tony bowtie ace had access to two

if tony bowtie ace had access to two different google cloud accounts i would

different google cloud accounts i would be able to add a different configuration

be able to add a different configuration here and so because i'm going to log in

here and so because i'm going to log in with a new account i'm going to put in

with a new account i'm going to put in two

two and hit enter

and hit enter and so again it brought me to my browser

and so again it brought me to my browser window and i'm going to log in using

window and i'm going to log in using another account

another account and so here you can type in the first

and so here you can type in the first account that you created and for me it

account that you created and for me it was antony gcloud ace gmail.com

was antony gcloud ace gmail.com i hit next and i'm going to enter my

i hit next and i'm going to enter my password

password it's going to ask me for my two-step

it's going to ask me for my two-step verification

verification and i don't want to save this password

and i don't want to save this password and i'm going to allow the google cloud

and i'm going to allow the google cloud sdk to access my google account and i am

sdk to access my google account and i am now authenticated so moving back to the

now authenticated so moving back to the console you can see here that i am

console you can see here that i am currently logged in and it's asking me

currently logged in and it's asking me to pick a cloud project to use now since

to pick a cloud project to use now since i only have one project in that google

i only have one project in that google cloud account which is subtle poet i'm

cloud account which is subtle poet i'm going to choose one

going to choose one and since i have the compute engine api

and since i have the compute engine api enabled i am now able to configure a

enabled i am now able to configure a default compute region and zone and so

default compute region and zone and so i'm going to hit y for yes to configure

i'm going to hit y for yes to configure it and as you can see there are 74

it and as you can see there are 74 different options to choose from and if

different options to choose from and if you scroll up a little bit you should be

you scroll up a little bit you should be able to find the zone that you're

able to find the zone that you're looking for and so for this course we

looking for and so for this course we are going to be using us central one

are going to be using us central one dash a and so this is number eight so

dash a and so this is number eight so i'm going to scroll back down

i'm going to scroll back down and type in eight

and type in eight and so now my master configuration has

and so now my master configuration has been configured with my antony g cloud

been configured with my antony g cloud ace account using us central 1a as the

ace account using us central 1a as the compute engine zone now touching back on

compute engine zone now touching back on authorization if i didn't want to set up

authorization if i didn't want to set up a whole configuration i can simply type

a whole configuration i can simply type in gcloud

in gcloud auth login

auth login and this will allow me to authorize just

and this will allow me to authorize just the user account only so gcloud init

the user account only so gcloud init would authorize access and perform the

would authorize access and perform the cloud sdk setup steps and gcloud auth

cloud sdk setup steps and gcloud auth login will authorize the access only now

as i mentioned in a previous lesson you can use a service account for

can use a service account for authorization to the cloud sdk tools and

authorization to the cloud sdk tools and this would be great for a compute

this would be great for a compute instance or an application but would

instance or an application but would need a service account key file in order

need a service account key file in order to authorize it and so moving back to

to authorize it and so moving back to our user accounts when running the cloud

our user accounts when running the cloud sdk you can only have one active account

sdk you can only have one active account at any given time and so to check my

at any given time and so to check my active account i can type in the command

active account i can type in the command gcloud auth list

gcloud auth list and this will give me a list of all the

and this will give me a list of all the accounts that have been authorized and

accounts that have been authorized and so whenever you run a gcloud init it

so whenever you run a gcloud init it will use that account as the active

will use that account as the active account and as you can see here the

account and as you can see here the antony gcloud ace gmail.com has a star

antony gcloud ace gmail.com has a star beside it and this is marked as the

beside it and this is marked as the active account and so in essence the

active account and so in essence the account with the star beside it is the

account with the star beside it is the active account and so i'm looking to

active account and so i'm looking to change my active account back to tony

change my active account back to tony bowtie ace and in order for me to do

bowtie ace and in order for me to do that the command is conveniently shown

that the command is conveniently shown here and so i'm going to go ahead and

here and so i'm going to go ahead and run that

run that and the account would be the user shown

and the account would be the user shown above and so when i do a gcloud auth

above and so when i do a gcloud auth list

list i can see that my active account is now

i can see that my active account is now back to tony bowtie bowtieace gmail.com

back to tony bowtie bowtieace gmail.com now if you wanted to switch the account

now if you wanted to switch the account on a per command basis you can always do

on a per command basis you can always do that using the flag dash dash account

that using the flag dash dash account after the command and put in the user

after the command and put in the user account that you want to use and so

account that you want to use and so let's say i wanted to revoke credentials

let's say i wanted to revoke credentials from an account that i don't need

from an account that i don't need anymore i can simply use the command

anymore i can simply use the command gcloud auth revoke

gcloud auth revoke followed by the username and it will

followed by the username and it will revoke the credentials for that account

revoke the credentials for that account and so doing this

and so doing this would remove your credentials and any

would remove your credentials and any access tokens for any specific account

access tokens for any specific account that you choose that's currently on your

that you choose that's currently on your computer and so if we're looking for

computer and so if we're looking for that specific account we can always use

that specific account we can always use the gcloud info command and it will give

the gcloud info command and it will give us the path for the user config

us the path for the user config directory and it is this directory that

directory and it is this directory that holds your encrypted credentials and

holds your encrypted credentials and access tokens

access tokens alongside with your active

alongside with your active configurations and any other

configurations and any other configurations as well now as you can

configurations as well now as you can see here running the gcloud info command

see here running the gcloud info command will also give you some other

will also give you some other information everything from the account

information everything from the account the project the current properties and

the project the current properties and where the logs can be found so now

where the logs can be found so now moving on to configurations

moving on to configurations a configuration is a named set of gcloud

a configuration is a named set of gcloud cli properties

cli properties and it works kind of like a profile and

and it works kind of like a profile and so earlier on i demonstrated how to set

so earlier on i demonstrated how to set up another configuration through gcloud

up another configuration through gcloud init so now if i run a gcloud config

init so now if i run a gcloud config list command it would give me all the

list command it would give me all the information of the active configuration

information of the active configuration so as you can see here my user has

so as you can see here my user has changed but my configuration has stayed

changed but my configuration has stayed the same now as seen previously in a

the same now as seen previously in a different lesson tony bow tie ace does

different lesson tony bow tie ace does not have access to the project subtle

not have access to the project subtle poet this project belongs to antony g

poet this project belongs to antony g cloud ace and the configuration was set

cloud ace and the configuration was set for that account now if tony bowtie ace

for that account now if tony bowtie ace did have access to the subtle poet

did have access to the subtle poet project then i could use this

project then i could use this configuration but it doesn't and so i

configuration but it doesn't and so i want to switch back to my other

want to switch back to my other configuration and how i would do this is

configuration and how i would do this is type in the command

type in the command gcloud config configurations

gcloud config configurations activate and the configuration that i

activate and the configuration that i set up for tony bowtie ace is the

set up for tony bowtie ace is the default configuration

default configuration and so now that it has been activated i

and so now that it has been activated i can now run a gcloud config list and as

can now run a gcloud config list and as you can see here the configuration is

you can see here the configuration is back to default setup during the

back to default setup during the initialization process for tony bowtie

initialization process for tony bowtie ace now if i wanted to create multiple

ace now if i wanted to create multiple configurations for the same user account

configurations for the same user account i can simply type in the command gcloud

i can simply type in the command gcloud config configurations

config configurations create

create but if i wanted to just view the

but if i wanted to just view the configuration properties i can always

configuration properties i can always type in the command gcloud config

type in the command gcloud config configurations describe

configurations describe and as you can see after the describe i

and as you can see after the describe i needed the configuration name to

needed the configuration name to complete the command and so i'm going to

complete the command and so i'm going to do that now

and i've been given all the properties for this configuration now another thing

for this configuration now another thing that i wanted to share when it comes to

that i wanted to share when it comes to properties is that you can change the

properties is that you can change the project or the compute region and zone

project or the compute region and zone by simply typing in the command

by simply typing in the command gcloud config set now if i wanted to

gcloud config set now if i wanted to change the project i can simply type in

change the project i can simply type in project and the project name if it was

project and the project name if it was for the compute instance i can simply

for the compute instance i can simply type in compute

type in compute forward slash zone for the specific zone

forward slash zone for the specific zone and just as a note only the properties

and just as a note only the properties that are not in the core property

that are not in the core property section are the ones that can be set as

section are the ones that can be set as well when you are setting the properties

well when you are setting the properties this only applies to the active

this only applies to the active configuration if you want to change the

configuration if you want to change the configuration of one that is not active

configuration of one that is not active then you'd have to switch to it and run

then you'd have to switch to it and run the gcloud config set command and so

the gcloud config set command and so moving on i wanted to touch on

moving on i wanted to touch on components which are the installable

components which are the installable parts of the sdk and when you install

parts of the sdk and when you install the sdk the components gcloud bq gsutil

the sdk the components gcloud bq gsutil and the core libraries are installed by

and the core libraries are installed by default now you probably saw a list of

default now you probably saw a list of components when you ran the gcloud init

components when you ran the gcloud init command and so to see all the components

command and so to see all the components again you can simply type in the gcloud

again you can simply type in the gcloud components

components list command

list command and if you scroll up you're able to see

and if you scroll up you're able to see all the components that are available

all the components that are available that you can install at your convenience

that you can install at your convenience and so if i wanted to install the

and so if i wanted to install the cubectl component i can type in the

cubectl component i can type in the command gcloud components install

command gcloud components install cubectl and a prompt will come up asking

cubectl and a prompt will come up asking me if i want to continue with this i

me if i want to continue with this i want to say yes and now it will go

want to say yes and now it will go through the process of installing these

through the process of installing these components

components and so just to verify if i run the

and so just to verify if i run the command gcloud components list you can

command gcloud components list you can see here that i have the cube ctl

see here that i have the cube ctl component installed now if i wanted to

component installed now if i wanted to remove that component i can simply type

remove that component i can simply type in

in gcloud components

gcloud components remove

remove and then the component that i want to

and then the component that i want to remove

remove which is cubectl i'm going to be

which is cubectl i'm going to be prompted if i want to do this i'm going

prompted if i want to do this i'm going to say yes and it's going to go through

to say yes and it's going to go through the stages of removing this component

the stages of removing this component and it's been successfully uninstalled

and it's been successfully uninstalled and so if you're working with a resource

and so if you're working with a resource that you need a component for you can

that you need a component for you can simply install or uninstall it using the

simply install or uninstall it using the gcloud components command and so one

gcloud components command and so one last thing about components before we

last thing about components before we move on

move on is that you can update your components

is that you can update your components to make sure you have the latest version

to make sure you have the latest version and so in order to update all of your

and so in order to update all of your installed components you would simply

installed components you would simply run the command gcloud components update

run the command gcloud components update and so before i go ahead and finish off

and so before i go ahead and finish off this demonstration i wanted to touch on

this demonstration i wanted to touch on the gcloud interactive shell the gcloud

the gcloud interactive shell the gcloud interactive shell provides a richer

interactive shell provides a richer shell experience simplifying commands

shell experience simplifying commands and documentation discovery with as you

and documentation discovery with as you type autocompletion and help text

type autocompletion and help text snippets below it produces suggestions

snippets below it produces suggestions and autocompletion for gcloud bq gsutil

and autocompletion for gcloud bq gsutil and cubectl command line tools as well

and cubectl command line tools as well as any command that has a man page sub

as any command that has a man page sub commands and flags can be completed

commands and flags can be completed along with online help as you type the

along with online help as you type the command and because this is part of the

command and because this is part of the beta component i need to install it and

beta component i need to install it and so i'm going to run the command gcloud

so i'm going to run the command gcloud components install beta and i want to

components install beta and i want to hit yes to continue and this will go

hit yes to continue and this will go ahead and kick off the installation of

ahead and kick off the installation of the gcloud beta commands

the gcloud beta commands and so now that it's installed i'm going

and so now that it's installed i'm going to simply clear the screen and so now in

to simply clear the screen and so now in order to run the gcloud interactive

order to run the gcloud interactive shell i need to run the command gcloud

shell i need to run the command gcloud beta

beta interactive

interactive and so now for every command that i type

and so now for every command that i type i will get auto suggestions that will

i will get auto suggestions that will help me with my commands and so to see

help me with my commands and so to see it in all of its glory i'm going to

it in all of its glory i'm going to start typing

start typing and as you can see it's giving me the

and as you can see it's giving me the option between g cloud or gsutil and i

option between g cloud or gsutil and i can use the arrow to choose either one

can use the arrow to choose either one and below it it'll also show me the

and below it it'll also show me the different flags that i can use for these

different flags that i can use for these specific commands and how to structure

specific commands and how to structure them and so for now i'm going to run

them and so for now i'm going to run gsutil version

gsutil version minus l and as you can see here it's

minus l and as you can see here it's giving me all the information about this

giving me all the information about this command and what it can do and so i'm

command and what it can do and so i'm going to hit enter

going to hit enter and as you can see my gsutil version is

and as you can see my gsutil version is 4.52

4.52 and along with the version number i'm

and along with the version number i'm also given all the specific information

also given all the specific information with regards to this gsutil version and

with regards to this gsutil version and this can be used with absolutely any

this can be used with absolutely any command used on the google cloud

command used on the google cloud platform and so i'm going to go ahead

platform and so i'm going to go ahead and do that again but running a

and do that again but running a different command so i'm just going to

different command so i'm just going to first clear the screen and i'm going to

first clear the screen and i'm going to type gcloud

type gcloud compute

compute instances and as you can see the snippet

instances and as you can see the snippet on the bottom of the screen is showing

on the bottom of the screen is showing me not only the command and how it's

me not only the command and how it's structured but also the url for the

structured but also the url for the documentation so continuing on gcloud

documentation so continuing on gcloud compute instances i'm going to do a list

compute instances i'm going to do a list and i'm going to filter it by using the

and i'm going to filter it by using the flag dash dash filter and i'm going to

flag dash dash filter and i'm going to filter the us east one a zone and i'm

filter the us east one a zone and i'm going to hit enter

and as expected there are no instances in us east 1a and as you've just

in us east 1a and as you've just experienced this is a great tool and i

experienced this is a great tool and i highly recommend that you use it

highly recommend that you use it whenever you can now i know this is a

whenever you can now i know this is a lot to take in

lot to take in and a lot of these commands will not

and a lot of these commands will not show up on the exam but again getting

show up on the exam but again getting comfortable with the command line and

comfortable with the command line and the sdk will help you on your path to

the sdk will help you on your path to becoming a cloud engineer as well it

becoming a cloud engineer as well it will help you get really comfortable

will help you get really comfortable with the command line and before you

with the command line and before you know it you'll be running commands in

know it you'll be running commands in the command line and prefer it over

the command line and prefer it over using the console and so that's all i

using the console and so that's all i have for this demo on managing the cloud

have for this demo on managing the cloud sdk so you can now mark this lesson as

sdk so you can now mark this lesson as complete and let's move on to the next

complete and let's move on to the next one

welcome back in this demonstration i'm going to be talking about the always

going to be talking about the always available browser-based shell called

available browser-based shell called cloud shell cloud shell is a virtual

cloud shell cloud shell is a virtual machine that is loaded with development

machine that is loaded with development tools and offers a persistent five

tools and offers a persistent five gigabyte home directory that runs on

gigabyte home directory that runs on google cloud cloud shell is what

google cloud cloud shell is what provides you command line access to your

provides you command line access to your google cloud resources within the

google cloud resources within the console cloud shell also comes with a

console cloud shell also comes with a built-in code editor that i will be

built-in code editor that i will be diving into and allows you to browse

diving into and allows you to browse file directories as well as view and

file directories as well as view and edit files while still accessing the

edit files while still accessing the cloud shell the code editor is available

cloud shell the code editor is available by default with every cloud shell

by default with every cloud shell instance and is based on the open source

instance and is based on the open source editor thea

editor thea now cloud shell is available from

now cloud shell is available from anywhere in the console by merely

anywhere in the console by merely clicking on the icon showed here in the

clicking on the icon showed here in the picture

picture and is positioned in the top right hand

and is positioned in the top right hand corner of the console in the blue

corner of the console in the blue toolbar so let's get started with the

toolbar so let's get started with the cloud shell by getting our hands dirty

cloud shell by getting our hands dirty and jumping right into it

and jumping right into it and so here we are back in the console

and so here we are back in the console and i am logged in as tony bowtie ace

and i am logged in as tony bowtie ace gmail.com and as you can see up here in

gmail.com and as you can see up here in the right hand corner

the right hand corner as mentioned earlier you will find the

as mentioned earlier you will find the cloud shell logo and so to open it up

cloud shell logo and so to open it up you simply click on it and it'll

you simply click on it and it'll activate the cloud shell here at the

activate the cloud shell here at the bottom and because it's my first time

bottom and because it's my first time using cloud shell i'll get this prompt

using cloud shell i'll get this prompt quickly explaining an overview of what

quickly explaining an overview of what cloud shell is and i'm going to simply

cloud shell is and i'm going to simply hit continue

hit continue and i'm going to make the terminal a

and i'm going to make the terminal a little bit bigger by dragging this line

little bit bigger by dragging this line up to the middle of the screen and so

up to the middle of the screen and so when you start cloud shell it provisions

when you start cloud shell it provisions an e2 small

an e2 small google compute engine instance running a

google compute engine instance running a debian-based linux operating system now

debian-based linux operating system now this is an ephemeral pre-configured vm

this is an ephemeral pre-configured vm and the environment you work with is a

and the environment you work with is a docker container running on that vm

docker container running on that vm cloud shell instances are provisioned on

cloud shell instances are provisioned on a per user per session basis the

a per user per session basis the instance persists while your cloud shell

instance persists while your cloud shell session is active and after an hour of

session is active and after an hour of inactivity your session terminates and

inactivity your session terminates and the vm is discarded you can also

the vm is discarded you can also customize your environment automatically

customize your environment automatically on boot time and it will allow you to

on boot time and it will allow you to have your preferred tools when cloud

have your preferred tools when cloud shell boots up so when your cloud shell

shell boots up so when your cloud shell instance is provision it's provisioned

instance is provision it's provisioned with 5 gigabytes of free persistent disk

with 5 gigabytes of free persistent disk storage and it's mounted at your home

storage and it's mounted at your home directory on the virtual machine

directory on the virtual machine instance and you can check your disk

instance and you can check your disk storage by simply typing in the command

storage by simply typing in the command df minus h and here where it shows dev

df minus h and here where it shows dev disk by id google home part one it shows

disk by id google home part one it shows here the size as 4.8 gigabytes and this

here the size as 4.8 gigabytes and this would be the persistent disk storage

would be the persistent disk storage that's mounted on your home directory

that's mounted on your home directory now if you've noticed it shows here that

now if you've noticed it shows here that i'm logged in as tony bowtie ace at

i'm logged in as tony bowtie ace at cloud shell and that my project id is

cloud shell and that my project id is set at project tony so the great thing

set at project tony so the great thing about cloud shell

about cloud shell is that you're automatically

is that you're automatically authenticated as the google account

authenticated as the google account you're logged in with so here you can

you're logged in with so here you can see i'm logged in as tony bowtie ace and

see i'm logged in as tony bowtie ace and so picture it like running gcloud auth

so picture it like running gcloud auth login and specifying your google account

but without having to actually do it now when the cloud shell is started the

when the cloud shell is started the active project in the console is

active project in the console is propagated to your gcloud configuration

propagated to your gcloud configuration inside cloud shell so as you can see

inside cloud shell so as you can see here my project is set at project tony

here my project is set at project tony now if i wanted to change it to a

now if i wanted to change it to a different project i could simply use the

different project i could simply use the command stated up here

command stated up here gcloud config set project along with the

gcloud config set project along with the project id and this will change me to a

project id and this will change me to a different project now behind the scenes

different project now behind the scenes cloud shell is globally distributed

cloud shell is globally distributed across multiple regions so when you

across multiple regions so when you first connect to cloud shell you'll be

first connect to cloud shell you'll be automatically assigned to the closest

automatically assigned to the closest available region and thus avoiding

available region and thus avoiding any unnecessary latency you do not have

any unnecessary latency you do not have the option to choose your own region and

the option to choose your own region and so cloud shell does that for you by

so cloud shell does that for you by optimizing it to migrate to a closer

optimizing it to migrate to a closer region whenever it can so if you're ever

region whenever it can so if you're ever curious where your cloud shell session

curious where your cloud shell session is currently active

is currently active you can simply type in this command

you can simply type in this command curl metadata slash compute metadata

curl metadata slash compute metadata slash version one slash instance slash

slash version one slash instance slash zone

zone and this will give me the zone where my

and this will give me the zone where my instance is located and as shown here it

instance is located and as shown here it is in us east 1b now as you've probably

is in us east 1b now as you've probably been seeing every time i highlight

been seeing every time i highlight something that there is a picture of

something that there is a picture of scissors coming up the cloud shell has

scissors coming up the cloud shell has some automated and available tools that

some automated and available tools that are built in and so one of those

are built in and so one of those available tools is that whenever i

available tools is that whenever i highlight something it will

highlight something it will automatically copy it to the clipboard

automatically copy it to the clipboard for me cloud shell also has a bunch of

for me cloud shell also has a bunch of very powerful pre-installed tools that

very powerful pre-installed tools that come with it such as the cloud sdk bash

come with it such as the cloud sdk bash vim helm

vim helm git

git docker and more as well cloud shell has

docker and more as well cloud shell has support for a lot of major different

support for a lot of major different programming languages like java go

programming languages like java go python node.js

python node.js ruby and net core for those who run

ruby and net core for those who run windows now if you're looking for an

windows now if you're looking for an available tool that is not pre-installed

available tool that is not pre-installed you can actually customize your

you can actually customize your environment when your instance boots up

environment when your instance boots up and automatically run a script that will

and automatically run a script that will install the tool of your choice and the

install the tool of your choice and the script runs as root and you can install

script runs as root and you can install any package that you please and so in

any package that you please and so in order for this environment customization

order for this environment customization to work there needs to be a file labeled

to work there needs to be a file labeled as dot customize underscore environment

as dot customize underscore environment now if we do an ls here you can see that

now if we do an ls here you can see that all we have is the readme dash cloud

all we have is the readme dash cloud shell text file if we do ls space minus

shell text file if we do ls space minus al to show all the hidden files as well

al to show all the hidden files as well you can see that the dot customize

you can see that the dot customize underscore environment file does not

underscore environment file does not exist and this is because we need to

exist and this is because we need to create it ourselves and so for this

create it ourselves and so for this example i want terraform installed as an

example i want terraform installed as an available tool when my instance boots up

available tool when my instance boots up and so i have to create this file so i'm

and so i have to create this file so i'm going to do so by using the touch

going to do so by using the touch command and then the name of the file

command and then the name of the file dot customize

dot customize underscore environment hit enter and if

underscore environment hit enter and if i clear the screen and do another ls

i clear the screen and do another ls space minus al i can see that my dot

space minus al i can see that my dot customize underscore environment file

customize underscore environment file has been created and so now i'm going to

has been created and so now i'm going to need the script to install terraform

need the script to install terraform which means i would have to edit it and

which means i would have to edit it and so another great feature of cloud shell

so another great feature of cloud shell is that it comes with a code editor and

is that it comes with a code editor and i can do it one of two ways i can either

i can do it one of two ways i can either come up here and click on the open

come up here and click on the open editor button which will open up a new

editor button which will open up a new tab or i can simply use the edit command

tab or i can simply use the edit command with the file name and i'm going to do

with the file name and i'm going to do just that so edit

dot customize underscore environment and i'm just going to hit enter and as you

i'm just going to hit enter and as you can see i got a prompt saying that it's

can see i got a prompt saying that it's unable to load the code editor and this

unable to load the code editor and this is because when using code editor you

is because when using code editor you need cookies enabled on your browser and

need cookies enabled on your browser and because i am using a private browser

because i am using a private browser session cookies are disabled and because

session cookies are disabled and because my cloud shell environment persists i'm

my cloud shell environment persists i'm going to open up a regular browser

going to open up a regular browser window and i'm going to continue where i

window and i'm going to continue where i left off and so here i am back with a

left off and so here i am back with a new browser window again logged in as

new browser window again logged in as tony bowtie ace and so just to show you

tony bowtie ace and so just to show you the persistence that happens in cloud

the persistence that happens in cloud shell i'm going to run the command ls

shell i'm going to run the command ls space minus al and as you can see here

space minus al and as you can see here the customize environment is still here

the customize environment is still here and so again i wanted to install

and so again i wanted to install terraform as an extra tool to have in my

terraform as an extra tool to have in my environment and so i'm going to open up

environment and so i'm going to open up the editor by typing in edit dot

the editor by typing in edit dot customize underscore environment and i'm

customize underscore environment and i'm going to hit enter and here is the

going to hit enter and here is the editor that popped up

editor that popped up as you can see here it's built with

as you can see here it's built with eclipse thea and this is an open source

eclipse thea and this is an open source code editor that you can download from

code editor that you can download from eclipse and this is what the editor is

eclipse and this is what the editor is built on now this menu here on the left

built on now this menu here on the left i can make it a little bit bigger and

i can make it a little bit bigger and because the only viewable file on my

because the only viewable file on my persistent disk is the readme cloud

persistent disk is the readme cloud shell dot text file i'm not able to see

shell dot text file i'm not able to see my dot customize underscore environment

my dot customize underscore environment so in order to open it and edit it i'm

so in order to open it and edit it i'm going to go to the menu at the top of

going to go to the menu at the top of the editor and click on file open

the editor and click on file open and here i'll be able to select the file

and here i'll be able to select the file that i need so i'm going to select

that i need so i'm going to select customize environment and click on open

customize environment and click on open and so i'm going to paste in my script

and so i'm going to paste in my script to install terraform and i'm just going

to install terraform and i'm just going to paste in my script from my clipboard

to paste in my script from my clipboard and i'll be including the script in the

and i'll be including the script in the github repo for those of you who use

github repo for those of you who use terraform and i'm going to move over to

terraform and i'm going to move over to the menu on the left click on file and

the menu on the left click on file and then hit save and so now in order for me

then hit save and so now in order for me to allow this to work

to allow this to work the customize environment needs to be

the customize environment needs to be loaded into my cloud shell so i'm going

loaded into my cloud shell so i'm going to have to restart it and so in order to

to have to restart it and so in order to accomplish this i'm going to move over

accomplish this i'm going to move over to the menu on the right i'm going to

to the menu on the right i'm going to click on the icon with the three dots

click on the icon with the three dots and click on restart and you'll be

and click on restart and you'll be presented with a prompt it's saying that

presented with a prompt it's saying that it will immediately terminate my session

it will immediately terminate my session and then a new vm will be provisioned

and then a new vm will be provisioned for me and you'll also be presented with

for me and you'll also be presented with an optional response from google telling

an optional response from google telling them why you're restarting the vm and

them why you're restarting the vm and this is merely for statistical purposes

this is merely for statistical purposes so i'm going to click on restart and i'm

so i'm going to click on restart and i'm going to wait till a new cloud shell is

going to wait till a new cloud shell is provisioned and my new cloud shell is

provisioned and my new cloud shell is provisioned and up and running and so i

provisioned and up and running and so i want to double check to see if terraform

want to double check to see if terraform has been installed so i'm going to go

has been installed so i'm going to go over here to the open terminal button on

over here to the open terminal button on the right hand side toolbar and i'm

the right hand side toolbar and i'm going to move back to my terminal and

going to move back to my terminal and i'm going to simply run the command

i'm going to simply run the command terraform dash dash version

terraform dash dash version and so it looks like terraform has been

and so it looks like terraform has been installed and as you can see i'm running

installed and as you can see i'm running version.12 but it says my terraform

version.12 but it says my terraform version is out of date and that the

version is out of date and that the latest version is dot 13. and so because

latest version is dot 13. and so because i really want to be up to date with

i really want to be up to date with terraform i want to be able to go into

terraform i want to be able to go into my customize environment file and edit

my customize environment file and edit my version of terraform so that when my

my version of terraform so that when my cloud shell is initiated

cloud shell is initiated terraform.13 can be installed and so i'm

terraform.13 can be installed and so i'm going to simply type in the command edit

going to simply type in the command edit dot customize underscore environment and

dot customize underscore environment and i'm back to my editor and i'm going to

i'm back to my editor and i'm going to change the terraform version from dot 12

change the terraform version from dot 12 to dot 13 and then go over here to the

to dot 13 and then go over here to the left-hand menu click on file and then

left-hand menu click on file and then save and now i'm going to restart my

save and now i'm going to restart my machine again

machine again and come back when it's fully

and come back when it's fully provisioned and i'm back again my

provisioned and i'm back again my machine has been provisioned and i'm

machine has been provisioned and i'm going to go back to my terminal by

going to go back to my terminal by clicking on the open terminal button and

clicking on the open terminal button and so i'm going to type in the command

so i'm going to type in the command terraform dash dash version and as you

terraform dash dash version and as you can see i'm at version dot 13 and i'm

can see i'm at version dot 13 and i'm going to run a simple terraform command

going to run a simple terraform command to see if it's working and as you can

to see if it's working and as you can see i am successful in running terraform

see i am successful in running terraform on cloud shell now customizing the

on cloud shell now customizing the environment is not on the exam but it is

environment is not on the exam but it is such an amazing feature that i wanted to

such an amazing feature that i wanted to highlight it for you with a real world

highlight it for you with a real world example like terraform in case you're

example like terraform in case you're away from your computer

away from your computer and you're logged into a browser and you

and you're logged into a browser and you need some special tools to use in cloud

need some special tools to use in cloud shell this is the best way to do it now

shell this is the best way to do it now as i mentioned before the cloud sdk is

as i mentioned before the cloud sdk is pre-installed on this and so everything

pre-installed on this and so everything that i've showed you in the last lesson

that i've showed you in the last lesson with regards to cloud sdk can be done in

with regards to cloud sdk can be done in the cloud shell as well so if i run the

the cloud shell as well so if i run the command gcloud

command gcloud beta interactive i'd be able to bring up

beta interactive i'd be able to bring up the interactive cloud shell and i'll be

the interactive cloud shell and i'll be able to run the same commands so now if

able to run the same commands so now if i go ahead and run the command

i go ahead and run the command gcloud components list i'll be able to

gcloud components list i'll be able to see all the components installed and as

see all the components installed and as you can see with the cloud shell there

you can see with the cloud shell there are more components installed than

are more components installed than what's installed on the default

what's installed on the default installation of the sdk i can also run

installation of the sdk i can also run the gcloud config list command to see

the gcloud config list command to see all the properties in my active

all the properties in my active configuration and so this goes to show

configuration and so this goes to show you that the sdk installation that's on

you that the sdk installation that's on cloud shell is just as capable as the

cloud shell is just as capable as the one that you've installed on your

one that you've installed on your computer the only difference here is

computer the only difference here is that the sdk along with all the other

that the sdk along with all the other tools that come installed in cloud shell

tools that come installed in cloud shell is updated every week and so you can

is updated every week and so you can always depend that they're up to date

always depend that they're up to date and so moving on to a few more features

and so moving on to a few more features of cloud shell i wanted to point out the

of cloud shell i wanted to point out the obvious ones

obvious ones up here in the cloud shell toolbar right

up here in the cloud shell toolbar right beside the open terminal i can open

beside the open terminal i can open brand new tabs opening up different

brand new tabs opening up different projects

projects or even the same project

or even the same project but just a different terminal and moving

but just a different terminal and moving over to the right hand menu of cloud

over to the right hand menu of cloud shell this keyboard icon can send key

shell this keyboard icon can send key combinations that you would normally not

combinations that you would normally not have access to moving on to the gear

have access to moving on to the gear icon with this you're able to change

icon with this you're able to change your preferences

your preferences and looking at the first item on the

and looking at the first item on the list when it comes to color themes you

list when it comes to color themes you can go from a dark theme to a light

can go from a dark theme to a light theme or if you prefer a different color

theme or if you prefer a different color in my case i prefer the dark theme

in my case i prefer the dark theme as well you have the options of changing

as well you have the options of changing your text size we can go to largest

your text size we can go to largest but i think we'll just keep things back

but i think we'll just keep things back down to medium and as well

down to medium and as well we have

we have the different fonts the copy settings

the different fonts the copy settings from which i showed you earlier as well

from which i showed you earlier as well as keyboard preferences you also have

as keyboard preferences you also have the option of showing your scroll bar

the option of showing your scroll bar now moving on to this icon right beside

now moving on to this icon right beside the gear

the gear is the web preview button and so the web

is the web preview button and so the web preview button is designed so that you

preview button is designed so that you can run any web application that listens

can run any web application that listens to http requests on the cloud shell and

to http requests on the cloud shell and be able to view it in a new web browser

be able to view it in a new web browser tab when running these web applications

tab when running these web applications web preview also supports applications

web preview also supports applications run in app engine now mind you these

run in app engine now mind you these ports are only available to the secure

ports are only available to the secure cloud shell proxy service which

cloud shell proxy service which restricts access over https to your user

restricts access over https to your user account only and so to demonstrate this

account only and so to demonstrate this feature i am going to run a simple http

feature i am going to run a simple http server running a hello world page so

server running a hello world page so first i'm going to clear my screen and

first i'm going to clear my screen and then i'm going to exit the interactive

then i'm going to exit the interactive shell and again i'm going to paste in

shell and again i'm going to paste in for my clipboard a simple script that

for my clipboard a simple script that will run my simple http server and as

will run my simple http server and as you can see it's running on port 8080

you can see it's running on port 8080 and now i'm able to click on the web

and now i'm able to click on the web preview button and i'm able to preview

preview button and i'm able to preview it on port 8080

it on port 8080 and a new web browser tab will open up

and a new web browser tab will open up and here i'll see my hello world page

and here i'll see my hello world page now this is just a simple example and so

now this is just a simple example and so i'm sure that many of you can find great

i'm sure that many of you can find great use for this and so i'm going to stop

use for this and so i'm going to stop this http server now by hitting ctrl c

this http server now by hitting ctrl c and just as a quick note web preview can

and just as a quick note web preview can also run on a different port anywhere

also run on a different port anywhere from port 2000

from port 2000 all the way up to 65 000. now moving on

all the way up to 65 000. now moving on to the rest of the features

to the rest of the features hitting on the more button here with the

hitting on the more button here with the three dots starting from the top we

three dots starting from the top we covered restart earlier when we had to

covered restart earlier when we had to restart our cloud shell you're able to

restart our cloud shell you're able to both upload and download a file within

both upload and download a file within cloud shell when the demands are needed

cloud shell when the demands are needed as well if i have a misconfigured

as well if i have a misconfigured configuration i can boot into safe mode

configuration i can boot into safe mode and fix the issue instead of having to

and fix the issue instead of having to start from scratch again moving on to

start from scratch again moving on to boost cloud shell also known as boost

boost cloud shell also known as boost mode is a feature that increases your

mode is a feature that increases your cloud shell vm from the default e2 small

cloud shell vm from the default e2 small to an e2 medium so in essence a memory

to an e2 medium so in essence a memory bump from 2 gigabytes to 4 gigabytes and

bump from 2 gigabytes to 4 gigabytes and once it's activated all your sessions

once it's activated all your sessions will be boosted for the next 24 hours

will be boosted for the next 24 hours and just as a quick note

and just as a quick note enabling boost mode restarts your cloud

enabling boost mode restarts your cloud shell and immediately terminates your

shell and immediately terminates your session but don't worry the data in your

session but don't worry the data in your home directory will persist but any of

home directory will persist but any of the processes that you are running will

the processes that you are running will be lost now when it comes to usage quota

be lost now when it comes to usage quota cloud shell has a 50 hour weekly usage

cloud shell has a 50 hour weekly usage limit so if you reach your usage limit

limit so if you reach your usage limit you'll need to wait until your quota is

you'll need to wait until your quota is reset before you can use cloud shell

reset before you can use cloud shell again so it's always good to keep your

again so it's always good to keep your eyes on this in case you're a heavy user

eyes on this in case you're a heavy user of cloud shell

of cloud shell and moving back to the menu again you

and moving back to the menu again you have your usage statistics which

have your usage statistics which collects statistics on commands that

collects statistics on commands that come pre-installed in the vm and you can

come pre-installed in the vm and you can turn them on or off

turn them on or off and as well help for cloud shell is

and as well help for cloud shell is available here as well if you wanted to

available here as well if you wanted to give feedback to the google cloud team

give feedback to the google cloud team with regards to cloud shell this is the

with regards to cloud shell this is the place to do it and so one last thing

place to do it and so one last thing about cloud shell before we end this

about cloud shell before we end this demo is that if you do not access cloud

demo is that if you do not access cloud shell for 120 days your home disk will

shell for 120 days your home disk will be deleted now don't worry you'll

be deleted now don't worry you'll receive an email notification before its

receive an email notification before its deletion and if you just log in and

deletion and if you just log in and start up a session you'll prevent it

start up a session you'll prevent it being removed now moving ahead in this

being removed now moving ahead in this course i will be using cloud shell quite

course i will be using cloud shell quite a bit and so feel free to use either

a bit and so feel free to use either cloud shell or the cloud sdk installed

cloud shell or the cloud sdk installed on your computer or feel free to follow

on your computer or feel free to follow along with me in the cloud shell within

along with me in the cloud shell within your google cloud environment and so if

your google cloud environment and so if you are following along please make sure

you are following along please make sure that you keep an eye on your quota and

that you keep an eye on your quota and so i hope this demonstration has given

so i hope this demonstration has given you some really good insight as to what

you some really good insight as to what you can do with cloud shell and its

you can do with cloud shell and its limitations and so that's pretty much

limitations and so that's pretty much all i wanted to cover in this

all i wanted to cover in this demonstration of cloud shell so you can

demonstration of cloud shell so you can now mark this as complete and let's move

now mark this as complete and let's move on to the next one

on to the next one [Music]

[Music] welcome back in this lesson and

welcome back in this lesson and demonstration i am going to go over

demonstration i am going to go over limits and quotas and how they affect

limits and quotas and how they affect your cloud usage within google cloud i'm

your cloud usage within google cloud i'm going to quickly go over some theory

going to quickly go over some theory followed by a demonstration on where to

followed by a demonstration on where to find the quotas and how to edit them

find the quotas and how to edit them accordingly so google cloud enforces

accordingly so google cloud enforces quotas on resource usage for project

quotas on resource usage for project owners

owners setting a hard limit on how much of a

setting a hard limit on how much of a particular google cloud resource your

particular google cloud resource your project can use and so there are two

project can use and so there are two types of resource usage that google

types of resource usage that google limits with quota the first one is rate

limits with quota the first one is rate quota such as api requests per day this

quota such as api requests per day this quota resets after a specified time such

quota resets after a specified time such as a minute or a day the second one is

as a minute or a day the second one is allocation quota

allocation quota an example is the number of virtual

an example is the number of virtual machines or load balancers used by your

machines or load balancers used by your project

project and this quota does not reset over time

and this quota does not reset over time but must be explicitly released when you

but must be explicitly released when you no longer want to use the resource

no longer want to use the resource for example by deleting a gke cluster

for example by deleting a gke cluster now quotas are enforced for a variety of

now quotas are enforced for a variety of reasons

reasons for example they protect other google

for example they protect other google cloud users by preventing unforeseen

cloud users by preventing unforeseen usage spikes

usage spikes quotas also help with resource

quotas also help with resource management so you can set your own

management so you can set your own limits on service usage within your

limits on service usage within your quota while developing and testing your

quota while developing and testing your applications

applications each quota limit is expressed in terms

each quota limit is expressed in terms of a particular countable resource from

of a particular countable resource from requests per day to an api to the number

requests per day to an api to the number of load balancers used by your

of load balancers used by your application not all projects have the

application not all projects have the same quotas for the same services and so

same quotas for the same services and so using this free trial account you may

using this free trial account you may have very limited quota compared to a

have very limited quota compared to a higher quota on a regular account as

higher quota on a regular account as well with your use of google cloud over

well with your use of google cloud over time your quotas may increase

time your quotas may increase accordingly and so you can also request

accordingly and so you can also request more quota if you need it and set up

more quota if you need it and set up monitoring and alerts

monitoring and alerts and cloud monitoring to warn you about

and cloud monitoring to warn you about unusual quota usage behavior or when

unusual quota usage behavior or when you're actually running out of quota now

you're actually running out of quota now in addition to viewing basic quota

in addition to viewing basic quota information in the console

information in the console google cloud lets you monitor quota

google cloud lets you monitor quota usage

usage limits and errors in greater depth using

limits and errors in greater depth using the cloud monitoring api and ui along

the cloud monitoring api and ui along with quota metrics appearing in the

with quota metrics appearing in the metrics explorer you can then use these

metrics explorer you can then use these metrics to create custom dashboards and

metrics to create custom dashboards and alerts

alerts letting you monitor quota usage over

letting you monitor quota usage over time

time and receive alerts when for example

and receive alerts when for example you're near a quota limit only your

you're near a quota limit only your services that support quota metrics are

services that support quota metrics are displayed and so popular supported

displayed and so popular supported services include compute engine

services include compute engine data flow

data flow cloud spanner cloud monitoring and cloud

cloud spanner cloud monitoring and cloud logging common services that are not

logging common services that are not supported include app engine cloud

supported include app engine cloud storage and cloud sql now as a note be

storage and cloud sql now as a note be aware that quota limits are updated once

aware that quota limits are updated once a day

a day and hence new limits may take up to 24

and hence new limits may take up to 24 hours to be reflected in the google

hours to be reflected in the google cloud console if your project exceeds a

cloud console if your project exceeds a particular quota while using a service

particular quota while using a service the platform will return an error

the platform will return an error in general

in general google cloud will return an http

google cloud will return an http 429 error code if you're using http or

429 error code if you're using http or rest to access the service

rest to access the service or resource exhausted if you're using

or resource exhausted if you're using grpc if you're using cloud monitoring

grpc if you're using cloud monitoring you can use it to identify the quota

you can use it to identify the quota associated with the error

associated with the error and then create custom alerts upon

and then create custom alerts upon getting a quota error and we will be

getting a quota error and we will be going into greater depth with regards to

going into greater depth with regards to monitoring later on in the course now

monitoring later on in the course now there are two ways to view your current

there are two ways to view your current quota limits in the google cloud console

quota limits in the google cloud console the first is using the quotas page which

the first is using the quotas page which gives you a list of all of your

gives you a list of all of your project's quota usage and limits the

project's quota usage and limits the second is using the api dashboard which

second is using the api dashboard which gives you the quota information for a

gives you the quota information for a particular api

particular api including resource usage over time quota

including resource usage over time quota limits are also accessible

limits are also accessible programmatically through the service

programmatically through the service usage api and so let's head into the

usage api and so let's head into the console where i will provide a

console where i will provide a demonstration

demonstration on where to look for quotas

on where to look for quotas and how to increase them when you need

and how to increase them when you need to

to and so here we are back in the console

and so here we are back in the console and so as i explained before there are

and so as i explained before there are two main ways to view your current quota

two main ways to view your current quota limits

limits in the console and so the first one is

in the console and so the first one is using the quotas page and so in order to

using the quotas page and so in order to get to the quotas page i need to go to

get to the quotas page i need to go to iam so i'm going to do that now by going

iam so i'm going to do that now by going up to the navigation menu in the top

up to the navigation menu in the top left hand corner

left hand corner i'm going to go to i am and admin and

i'm going to go to i am and admin and over to quotas

over to quotas and so here i am shown all the quotas of

and so here i am shown all the quotas of the current apis that i have enabled as

the current apis that i have enabled as you can see here it shows me the service

you can see here it shows me the service the limit name

the limit name the quota status and the details in this

the quota status and the details in this panel here on the right hand side shows

panel here on the right hand side shows me a little bit more information with

me a little bit more information with regards to the service and the quota

regards to the service and the quota itself and so let's say i wanted to

itself and so let's say i wanted to increase my quota on the compute engine

increase my quota on the compute engine api

api within networks so i'm going to select

within networks so i'm going to select this service and over here on the right

this service and over here on the right hand panel i'm going to tick the box

hand panel i'm going to tick the box that says global and i'm going to go

that says global and i'm going to go back over here to the top left

back over here to the top left and click on the edit quotas button and

and click on the edit quotas button and a panel will pop up and i am prompted to

a panel will pop up and i am prompted to enter a new quota limit

enter a new quota limit along with a description explaining to

along with a description explaining to google why i need this quota limit

google why i need this quota limit increase and so once i've completed my

increase and so once i've completed my request

request i can click on done and then submit

i can click on done and then submit request and like i said before once the

request and like i said before once the request has been submitted it will go to

request has been submitted it will go to somebody at google to evaluate the

somebody at google to evaluate the requests for approval and don't worry

requests for approval and don't worry these quota limit increases are usually

these quota limit increases are usually approved within two business days and

approved within two business days and can often times be sooner than that also

can often times be sooner than that also a great way to enter multiple quota

a great way to enter multiple quota changes is to click on the selected apis

changes is to click on the selected apis let's do bigquery api

let's do bigquery api and cloud data store api and so i've

and cloud data store api and so i've clicked off three and now i can go back

clicked off three and now i can go back up to the top and click on the edit

up to the top and click on the edit quotas button and as you can see in the

quotas button and as you can see in the panel i have all three apis that i want

panel i have all three apis that i want to increase my quotas on so i can enter

to increase my quotas on so i can enter all my new limit requests for each api

all my new limit requests for each api and then i can submit it as a bulk

and then i can submit it as a bulk request with all my new quota limit

request with all my new quota limit changes and so doing it this way would

changes and so doing it this way would increase the efficiency

increase the efficiency instead of increasing the quotas for

instead of increasing the quotas for each service one by one and because i'm

each service one by one and because i'm not going to submit any quota changes

not going to submit any quota changes i'm going to close this panel and so

i'm going to close this panel and so again using the quotas page will give

again using the quotas page will give you a list of all your project quota

you a list of all your project quota usage and its limits and allow you to

usage and its limits and allow you to request changes accordingly and so now

request changes accordingly and so now moving on to the second way which you

moving on to the second way which you can view your current quota limits i'm

can view your current quota limits i'm going to go to the api dashboard which

going to go to the api dashboard which will give me a more granular view

will give me a more granular view including the resource usage over time

including the resource usage over time so to get there i'm going to go back up

so to get there i'm going to go back up to the left hand side to the navigation

to the left hand side to the navigation menu i'm going to go to apis and

menu i'm going to go to apis and services and click on dashboard

services and click on dashboard and here i will see all the names of the

and here i will see all the names of the apis and i'm going to click on compute

apis and i'm going to click on compute engine api for this demonstration

engine api for this demonstration and over here on the left hand menu you

and over here on the left hand menu you will see quotas

will see quotas and in here as i said before

and in here as i said before you can get some really granular data

you can get some really granular data with regards to queries read requests

with regards to queries read requests list requests and a whole bunch of other

list requests and a whole bunch of other requests i'm going to drill down into

requests i'm going to drill down into queries here and i can see my queries

queries here and i can see my queries per day per 100 seconds per user and per

per day per 100 seconds per user and per 100 seconds and i can see here that my

100 seconds and i can see here that my queries per 100 seconds is at a limit of

queries per 100 seconds is at a limit of 2 000 so if i wanted to increase that

2 000 so if i wanted to increase that limit i can simply click on the pencil

limit i can simply click on the pencil icon

icon and a panel on the right hand side will

and a panel on the right hand side will prompt me to enter a new quota limit but

prompt me to enter a new quota limit but i currently see that my quota limit is

i currently see that my quota limit is at its maximum and that i need to apply

at its maximum and that i need to apply for a higher quota so when i click on

for a higher quota so when i click on the link it will bring me back to my iam

the link it will bring me back to my iam page where my services are filtered and

page where my services are filtered and i can easily find the service that i was

i can easily find the service that i was looking at to raise my quota limit and i

looking at to raise my quota limit and i can increase the quota by checking off

can increase the quota by checking off this box and clicking on the edit quotas

this box and clicking on the edit quotas button at the top of the page and so as

button at the top of the page and so as you can see the quotas page as well as

you can see the quotas page as well as the api dashboard work in tandem so that

the api dashboard work in tandem so that you can get all the information you need

you can get all the information you need with regards to quotas and limits and to

with regards to quotas and limits and to edit them accordingly and so i hope this

edit them accordingly and so i hope this gave you a good idea and some great

gave you a good idea and some great insight

insight on how you can view and edit your quotas

on how you can view and edit your quotas and quota limits according to the

and quota limits according to the resources you use and so that about

resources you use and so that about wraps up this brief yet important demo

wraps up this brief yet important demo on limits and quotas so you can now mark

on limits and quotas so you can now mark this as complete and let's move on to

this as complete and let's move on to the next section

the next section [Music]

[Music] welcome back

welcome back and in this section we're going to be

and in this section we're going to be going through in my opinion one of the

going through in my opinion one of the most important services in google cloud

most important services in google cloud identity and access management also

identity and access management also known as iam for short and i'll be

known as iam for short and i'll be diving into identities roles and the

diving into identities roles and the architecture of policies that will give

architecture of policies that will give you a very good understanding of how

you a very good understanding of how permissions are granted and how policies

permissions are granted and how policies are inherited so before i jump into i am

are inherited so before i jump into i am i wanted to touch on the principle of

i wanted to touch on the principle of least privilege just for a second now

least privilege just for a second now the principle of least privilege states

the principle of least privilege states that a user program or process

that a user program or process should have access to the bare minimum

should have access to the bare minimum privileges necessary

privileges necessary or the exact resources it needs in order

or the exact resources it needs in order to perform its function so for example

to perform its function so for example if lisa is performing a create function

if lisa is performing a create function to a cloud storage bucket

to a cloud storage bucket lisa should be restricted to create

lisa should be restricted to create permissions only on exactly one cloud

permissions only on exactly one cloud storage bucket

storage bucket she doesn't need read edit or even

she doesn't need read edit or even delete permissions on a cloud storage

delete permissions on a cloud storage bucket to perform her job and so this is

bucket to perform her job and so this is a great illustration of how this

a great illustration of how this principle works

principle works and this is something that happens in

and this is something that happens in not only google cloud but in every cloud

not only google cloud but in every cloud environment as well as any on-premises

environment as well as any on-premises environment so note that the principle

environment so note that the principle of least privilege is something that i

of least privilege is something that i have previously and will continue to be

have previously and will continue to be talking about a lot in this course and

talking about a lot in this course and this is a key term that comes up quite a

this is a key term that comes up quite a bit

bit in any major exam

in any major exam and is a rule that most apply in their

and is a rule that most apply in their working environment to avoid any

working environment to avoid any unnecessary granted permissions a

unnecessary granted permissions a well-known and unsaid rule when it comes

well-known and unsaid rule when it comes to security hence me wanting to touch on

to security hence me wanting to touch on this for a brief moment so now with that

this for a brief moment so now with that out of the way i'd like to move on to

out of the way i'd like to move on to identity and access management or i am

identity and access management or i am for short so what is it really well with

for short so what is it really well with iam you manage access control by

iam you manage access control by defining who the identity

defining who the identity has what access which is the role for

has what access which is the role for which resource and this also includes

which resource and this also includes organizations

organizations folders and projects

folders and projects in iam permission to access a resource

in iam permission to access a resource isn't granted directly to the end user

isn't granted directly to the end user instead permissions are grouped into

instead permissions are grouped into roles and roles are then granted to

roles and roles are then granted to authenticated members an iam policy

authenticated members an iam policy defines and enforces what roles are

defines and enforces what roles are granted to which members

granted to which members and this policy is attached to a

and this policy is attached to a resource so when an authenticated member

resource so when an authenticated member attempts to access a resource iam checks

attempts to access a resource iam checks the resources policy to determine

the resources policy to determine whether the action is permitted and so

whether the action is permitted and so with that being said i want to dive into

with that being said i want to dive into the policy architecture breaking it down

the policy architecture breaking it down by means of components in this policy

by means of components in this policy architecture will give you a better

architecture will give you a better understanding of how policies are put

understanding of how policies are put together so now what is a policy a

together so now what is a policy a policy is a collection of bindings audit

policy is a collection of bindings audit configuration and metadata now the

configuration and metadata now the binding specifies how access should be

binding specifies how access should be granted on resources

granted on resources and it binds one or more members with a

and it binds one or more members with a single role and any contact specific

single role and any contact specific conditions that change how and when the

conditions that change how and when the role is granted now the metadata

role is granted now the metadata includes additional information about

includes additional information about the policy such as an etag and version

the policy such as an etag and version to facilitate policy management and

to facilitate policy management and finally the audit config field specifies

finally the audit config field specifies the configuration data of how access

the configuration data of how access attempts should be audited and so now i

attempts should be audited and so now i wanted to take a moment to dive deeper

wanted to take a moment to dive deeper into each component starting with member

into each component starting with member now when it comes to members this is an

now when it comes to members this is an identity that can access a resource

identity that can access a resource so the identity of a member is an email

so the identity of a member is an email address associated with a user

address associated with a user service account or google group or even

service account or google group or even a domain name associated with a g suite

a domain name associated with a g suite or cloud identity domains now when it

or cloud identity domains now when it comes to a google account this

comes to a google account this represents any person who interacts with

represents any person who interacts with google cloud any email address that is

google cloud any email address that is associated with a google account can be

associated with a google account can be an identity including gmail.com or other

an identity including gmail.com or other domains now a service account is an

domains now a service account is an account that belongs to your application

account that belongs to your application instead of an individual end user

instead of an individual end user so when you run your code that is hosted

so when you run your code that is hosted on gcp

on gcp this is the identity you would specify

this is the identity you would specify to run your code a google group is a

to run your code a google group is a named collection of google accounts and

named collection of google accounts and can also include service accounts now

can also include service accounts now the advantages of using google groups is

the advantages of using google groups is that you can grant and change

that you can grant and change permissions

permissions for the collection of accounts all at

for the collection of accounts all at once instead of changing access one by

once instead of changing access one by one google groups can help you manage

one google groups can help you manage users at scale and each member of a

users at scale and each member of a google group inherits the iam roles

google group inherits the iam roles granted to that group the inheritance

granted to that group the inheritance means that you can use a group's

means that you can use a group's membership to manage users roles instead

membership to manage users roles instead of granting iam roles to individual

of granting iam roles to individual users moving on to g suite domains this

users moving on to g suite domains this represents your organization's internet

represents your organization's internet domain name such as

domain name such as antonyt.com and when you add a user to

antonyt.com and when you add a user to your g suite domain a new google account

your g suite domain a new google account is created for the user inside this

is created for the user inside this virtual group such as antony

virtual group such as antony antonyt.com a g suite domain in

antonyt.com a g suite domain in actuality represents a virtual group of

actuality represents a virtual group of all of the google accounts that have

all of the google accounts that have been created like google groups g suite

been created like google groups g suite domains cannot be used to establish

domains cannot be used to establish identity but they simply enable

identity but they simply enable permission management now a cloud

permission management now a cloud identity domain is like a g suite domain

identity domain is like a g suite domain but the difference is that domain users

but the difference is that domain users don't have access to g suite

don't have access to g suite applications and features so a couple

applications and features so a couple more members that i wanted to address

more members that i wanted to address is the all authenticated users and the

is the all authenticated users and the all users members the all authenticated

all users members the all authenticated users is a special identifier that

users is a special identifier that represents anyone who is authenticated

represents anyone who is authenticated with a google account or a service

with a google account or a service account users who are not authenticated

account users who are not authenticated such as anonymous visitors are not

such as anonymous visitors are not included and finally the all users

included and finally the all users member is a special identifier that

member is a special identifier that represents anyone and everyone so any

represents anyone and everyone so any user who is on the internet including

user who is on the internet including authenticated and unauthenticated users

authenticated and unauthenticated users and this covers the slew of the

and this covers the slew of the different types of members now touching

different types of members now touching on the next component of policies is

on the next component of policies is roles now diving into roles this is a

roles now diving into roles this is a named collection of permissions that

named collection of permissions that grant access to perform actions on

grant access to perform actions on google cloud resources

google cloud resources so at the heart of it permissions are

so at the heart of it permissions are what determines what operations are

what determines what operations are allowed on a resource they usually but

allowed on a resource they usually but not always correspond one-to-one with

not always correspond one-to-one with rest methods that is each google cloud

rest methods that is each google cloud service has an associated permission for

service has an associated permission for each rest method that it has so to call

each rest method that it has so to call a method the caller needs that

a method the caller needs that permission now these permissions are not

permission now these permissions are not granted to the users directly but

granted to the users directly but grouped together within the role you

grouped together within the role you would then grant roles which contain one

would then grant roles which contain one or more permissions

or more permissions you can also create a custom role by

you can also create a custom role by combining one or more of the available

combining one or more of the available iam permissions and again permissions

iam permissions and again permissions allow users to perform specific actions

allow users to perform specific actions on google cloud resources so you will

on google cloud resources so you will typically see a permission such as the

typically see a permission such as the one you see here

one you see here compute.instances.list

compute.instances.list and within google cloud iam permissions

and within google cloud iam permissions are represented in this form

are represented in this form service.resource.verb

service.resource.verb so just as a recap on roles this is a

so just as a recap on roles this is a collection of permissions

collection of permissions and you cannot grant a permission

and you cannot grant a permission directly to the user but you grant a

directly to the user but you grant a role to a user and all the permissions

role to a user and all the permissions that the role contains so an example is

that the role contains so an example is shown here where the compute instances

shown here where the compute instances permissions are grouped together in a

permissions are grouped together in a role now you can grant permissions by

role now you can grant permissions by granting roles to a user a group or a

granting roles to a user a group or a service account so moving up into a more

service account so moving up into a more broader level there are three types of

broader level there are three types of roles in iam

roles in iam there are the primitive roles the

there are the primitive roles the predefined roles

predefined roles and the custom roles

and the custom roles with the primitive roles

with the primitive roles these are roles that existed prior to

these are roles that existed prior to the introduction of iam

the introduction of iam and they consist of three specific roles

and they consist of three specific roles owner editor and viewer and these roles

owner editor and viewer and these roles are concentric which means that the

are concentric which means that the owner role includes the permissions in

owner role includes the permissions in the editor role and the editor role

the editor role and the editor role includes the permissions in the viewer

includes the permissions in the viewer role and you can apply primitive roles

role and you can apply primitive roles at the project or service resource

at the project or service resource levels by using the console the api and

levels by using the console the api and the gcloud tool just as a note you

the gcloud tool just as a note you cannot grant the owner role to a member

cannot grant the owner role to a member for a project using the iam api or the

for a project using the iam api or the gcloud command line tool you can only

gcloud command line tool you can only add owners to a project using the cloud

add owners to a project using the cloud console as well

console as well google recommends avoiding these roles

google recommends avoiding these roles if possible due to the nature of how

if possible due to the nature of how much access the permissions are given in

much access the permissions are given in these specific roles google recommends

these specific roles google recommends that you use pre-defined roles over

that you use pre-defined roles over primitive roles and so moving into

primitive roles and so moving into predefined roles

predefined roles these are roles that give granular and

these are roles that give granular and finer-grained access control than the

finer-grained access control than the primitive roles to specific google cloud

primitive roles to specific google cloud resources and prevent any unwanted

resources and prevent any unwanted access to other resources predefined

access to other resources predefined roles are created and maintained by

roles are created and maintained by google their permissions are

google their permissions are automatically updated as necessary when

automatically updated as necessary when new features or services are added to

new features or services are added to google cloud now when it comes to custom

google cloud now when it comes to custom roles these are user defined and allow

roles these are user defined and allow you to bundle one or more supported

you to bundle one or more supported permissions to meet your specific needs

permissions to meet your specific needs unlike predefined roles custom roles are

unlike predefined roles custom roles are not maintained by google so when new

not maintained by google so when new permissions features or services are

permissions features or services are added to google cloud your custom roles

added to google cloud your custom roles will not be updated automatically when

will not be updated automatically when you create a custom role you must choose

you create a custom role you must choose an organization or project to create it

an organization or project to create it in you can then grant the custom role on

in you can then grant the custom role on the organization or project as well as

the organization or project as well as any resources within that organization

any resources within that organization or project and just as a note you cannot

or project and just as a note you cannot create custom roles at the folder level

create custom roles at the folder level if you need to use a custom role within

if you need to use a custom role within a folder define the custom role on the

a folder define the custom role on the parent of that folder as well the custom

parent of that folder as well the custom roles user interface is only available

roles user interface is only available to users who have permissions to create

to users who have permissions to create or manage custom roles by default only

or manage custom roles by default only project owners can create new roles now

project owners can create new roles now there is one limitation that i wanted to

there is one limitation that i wanted to point out

point out and that is that some predefined roles

and that is that some predefined roles contain permissions that are not

contain permissions that are not permitted in custom roles so i highly

permitted in custom roles so i highly recommend that you check whether you can

recommend that you check whether you can use a specific permission when making a

use a specific permission when making a custom role custom roles also have a

custom role custom roles also have a really cool feature that includes a

really cool feature that includes a launch stage which is stored in the

launch stage which is stored in the stage property for the role the stage is

stage property for the role the stage is informational and helps you keep track

informational and helps you keep track of how close each role is to being

of how close each role is to being generally available and these launch

generally available and these launch stages are available in the stages shown

stages are available in the stages shown here

here alpha which is in testing beta which is

alpha which is in testing beta which is tested and awaiting approval and of

tested and awaiting approval and of course ga which is generally available

course ga which is generally available and i'll be getting hands-on later with

and i'll be getting hands-on later with these roles in an upcoming demonstration

these roles in an upcoming demonstration so now moving on to the next component

so now moving on to the next component is conditions and so a condition is a

is conditions and so a condition is a logic expression and is used to define

logic expression and is used to define and enforce

and enforce conditional

conditional attribute-based access control for

attribute-based access control for google cloud resources conditions allow

google cloud resources conditions allow you to choose

you to choose granting resource access to identities

granting resource access to identities also known as members only if configured

also known as members only if configured conditions are met for example this

conditions are met for example this could be done to configure temporary

could be done to configure temporary access for users that are contractors

access for users that are contractors and have been given specific access for

and have been given specific access for a certain amount of time a condition

a certain amount of time a condition could be put in place to remove the

could be put in place to remove the access they needed once the contract has

access they needed once the contract has ended conditions are specified in the

ended conditions are specified in the role bindings of a resources im policy

role bindings of a resources im policy so when a condition exists the access

so when a condition exists the access request is only granted if the condition

request is only granted if the condition expression is true so now moving on to

expression is true so now moving on to metadata this component carries both e

metadata this component carries both e tags and version so first touching on e

tags and version so first touching on e when multiple systems try to write to

when multiple systems try to write to the same im policy at the same time

the same im policy at the same time there is a risk that those systems might

there is a risk that those systems might overwrite each other's changes and the

overwrite each other's changes and the risk exists because updating an im

risk exists because updating an im policy involves multiple operations so

policy involves multiple operations so in order to help prevent this issue iam

in order to help prevent this issue iam supports concurrency control through the

supports concurrency control through the use of an etag field in the policy the

use of an etag field in the policy the value of this field changes each time a

value of this field changes each time a policy is updated now when it comes to a

policy is updated now when it comes to a version

version this is a version number that is added

this is a version number that is added to determine features such as a

to determine features such as a condition

condition and for future releases of new features

and for future releases of new features it is also used to avoid breaking your

it is also used to avoid breaking your existing integrations on new feature

existing integrations on new feature releases that rely on consistency in the

releases that rely on consistency in the policy structure

policy structure also when new policy schema versions are

also when new policy schema versions are introduced and lastly we have the

introduced and lastly we have the auditconfig component and this is used

auditconfig component and this is used in order to configure audit logging for

in order to configure audit logging for the policy it determines which

the policy it determines which permission types are logged and what

permission types are logged and what identities if any are exempted from

identities if any are exempted from logging and so to sum it up this is a

logging and so to sum it up this is a policy in all its entirety each

policy in all its entirety each component as you can see plays a

component as you can see plays a different part and i will be going

different part and i will be going through policies and how they are

through policies and how they are assembled in statements in a later

assembled in statements in a later lesson and so there is one more thing

lesson and so there is one more thing that i wanted to touch on before ending

that i wanted to touch on before ending this lesson and that is the policy

this lesson and that is the policy inheritance when it comes to resource

inheritance when it comes to resource hierarchy and so as explained in an

hierarchy and so as explained in an earlier lesson you can set an im policy

earlier lesson you can set an im policy at any level in the resource hierarchy

at any level in the resource hierarchy the organization level the folder level

the organization level the folder level the project level or the resource level

the project level or the resource level and resources inherit the policies of

and resources inherit the policies of all their parent resources the effective

all their parent resources the effective policy for a resource

policy for a resource is the union of the policy set on that

is the union of the policy set on that resource and the policies inherited from

resource and the policies inherited from higher up in the hierarchy and so again

higher up in the hierarchy and so again i wanted to reiterate that this policy

i wanted to reiterate that this policy inheritance is transitive in other words

inheritance is transitive in other words resources inherit policies from the

resources inherit policies from the project

project which inherit policies from folders

which inherit policies from folders which inherit policies from the

which inherit policies from the organization therefore the organization

organization therefore the organization level policies

level policies also apply at the resource level and so

also apply at the resource level and so just a quick example if i apply a policy

just a quick example if i apply a policy on project x

on project x on any resources within that project the

on any resources within that project the effective policy is going to be a union

effective policy is going to be a union of these policies as the resources will

of these policies as the resources will inherit the policy that is granted to

inherit the policy that is granted to project x so i hope this gave you a

project x so i hope this gave you a better understanding of how policies are

better understanding of how policies are granted as well as the course structure

granted as well as the course structure and so that's all i have for this lesson

and so that's all i have for this lesson so you can now mark this lesson as

so you can now mark this lesson as complete and let's move on to the next

complete and let's move on to the next one

one [Music]

[Music] welcome back and in this lesson i wanted

welcome back and in this lesson i wanted to build on the last lesson where we

to build on the last lesson where we went through iam and policy architecture

went through iam and policy architecture and dive deeper into policies and

and dive deeper into policies and conditions when it comes to putting them

conditions when it comes to putting them together in policy statements as cloud

together in policy statements as cloud engineers you should be able to read and

engineers you should be able to read and decipher policy statements and

decipher policy statements and understand how they're put together by

understand how they're put together by using all the components that we

using all the components that we discussed earlier so just as a refresher

discussed earlier so just as a refresher i wanted to go over the policy

i wanted to go over the policy architecture again now as i discussed

architecture again now as i discussed previously a policy is a collection of

previously a policy is a collection of statements that define who has what type

statements that define who has what type of access it is attached to a resource

of access it is attached to a resource and is used to enforce access control

and is used to enforce access control whenever that resource is accessed now

whenever that resource is accessed now the binding within that policy binds one

the binding within that policy binds one or more members with a single role and

or more members with a single role and any context specific conditions so in

any context specific conditions so in other words the member roles and

other words the member roles and conditions are bound together using a

conditions are bound together using a binding combined with the metadata and

binding combined with the metadata and audit config we have a policy so now

audit config we have a policy so now taking all of this and putting it

taking all of this and putting it together in a policy statement shown

together in a policy statement shown here you can see the bindings which have

here you can see the bindings which have the role the members and conditions the

the role the members and conditions the first member being tony beauties

first member being tony beauties gmail.com holding the role of storage

gmail.com holding the role of storage admin and the second member as

admin and the second member as larkfetterlogin at gmail.com

larkfetterlogin at gmail.com holding the role of storage object

holding the role of storage object viewer now because lark only needs to

viewer now because lark only needs to view the files for this project in cloud

view the files for this project in cloud storage till the new year a condition

storage till the new year a condition has been applied that does not grant

has been applied that does not grant access for lark to view these files

access for lark to view these files after january the 1st an e tag has been

after january the 1st an e tag has been put in and the version is numbered 3 due

put in and the version is numbered 3 due to the condition which i will get into a

to the condition which i will get into a little bit later this policy statement

little bit later this policy statement has been structured in json format and

has been structured in json format and is a common format used in policy

is a common format used in policy statements moving on we have the exact

statements moving on we have the exact same policy statement but has been

same policy statement but has been formatted in yaml as you can see the

formatted in yaml as you can see the members roles and conditions in the

members roles and conditions in the bindings are exactly the same as well as

bindings are exactly the same as well as the etag and version but due to the

the etag and version but due to the formatting it is much more condensed so

formatting it is much more condensed so as you can see policy statements can be

as you can see policy statements can be written in both json or yaml depending

written in both json or yaml depending on your preference my personal

on your preference my personal preference is to write my policy

preference is to write my policy statements in yaml due to the shorter

statements in yaml due to the shorter and cleaner format so i will be moving

and cleaner format so i will be moving ahead in this course with more

ahead in this course with more statements written in yaml when you are

statements written in yaml when you are looking to query your projects for its

looking to query your projects for its granted policies

granted policies an easy way to do this would be to query

an easy way to do this would be to query it from the command line as shown here

it from the command line as shown here here i've taken a screenshot from tony

here i've taken a screenshot from tony bowtie ace in the cloud shell and have

bowtie ace in the cloud shell and have used the command gcloud projects get

used the command gcloud projects get dash iam

dash iam policy with the project id and this

policy with the project id and this brought up all the members and roles

brought up all the members and roles within the bindings

within the bindings as well as the etag and version for the

as well as the etag and version for the policy that has been attached to this

policy that has been attached to this project and as you can see here i have

project and as you can see here i have no conditions in place for any of my

no conditions in place for any of my bindings and so again using the command

bindings and so again using the command gcloud projects

gcloud projects get dash iam dash policy along with the

get dash iam dash policy along with the project id will bring up any policies

project id will bring up any policies that are attached to this resource and

that are attached to this resource and the resource being the project id if the

the resource being the project id if the resource were to be the folder id then

resource were to be the folder id then you could use the command gcloud

you could use the command gcloud resource dash manager

resource dash manager folders get dash iam-policy

folders get dash iam-policy with the folder id and for organizations

with the folder id and for organizations the command would be gcloud

the command would be gcloud organizations get dash

organizations get dash iam-policy along with the organization

iam-policy along with the organization id now because we don't have any folders

id now because we don't have any folders or organizations in our environment

or organizations in our environment typing these commands in wouldn't bring

typing these commands in wouldn't bring up anything and just as a note using

up anything and just as a note using these commands in the cloud shell or in

these commands in the cloud shell or in the sdk will bring up the policy

the sdk will bring up the policy statement formatted in yaml so now i

statement formatted in yaml so now i wanted to just take a second to dive

wanted to just take a second to dive into policy versions now as i haven't

into policy versions now as i haven't covered versions in detail i wanted to

covered versions in detail i wanted to quickly go over it and the reasons for

quickly go over it and the reasons for each numbered version now version one of

each numbered version now version one of the i am syntax schema for policies

the i am syntax schema for policies supports binding one role to one or more

supports binding one role to one or more members

members it does not support conditional role

it does not support conditional role bindings and so usually with version 1

bindings and so usually with version 1 you will not see any conditions version

you will not see any conditions version 2 is used for google's internal use and

2 is used for google's internal use and so querying policies

so querying policies usually you will not see a version 2.

usually you will not see a version 2. and finally with version 3 this

and finally with version 3 this introduces the condition field in the

introduces the condition field in the role binding which constrains the role

role binding which constrains the role binding via contact space and attributes

binding via contact space and attributes based rules so just as a note if your

based rules so just as a note if your request does not specify a policy

request does not specify a policy version

version iam will assume that you want a version

iam will assume that you want a version 1 policy and again if the policy does

1 policy and again if the policy does not contain any conditions

not contain any conditions then iam always returns a version one

then iam always returns a version one policy regardless of the version number

policy regardless of the version number in the request so moving on to some

in the request so moving on to some policy limitations each resource can

policy limitations each resource can only have one policy and this includes

only have one policy and this includes organizations folders and projects

organizations folders and projects another limitation

another limitation is that each iam policy can contain up

is that each iam policy can contain up to 1500 members

to 1500 members and up to 250 of these members

and up to 250 of these members can be google groups now when making

can be google groups now when making policy changes it will take up to seven

policy changes it will take up to seven minutes to fully propagate across the

minutes to fully propagate across the google cloud platform this does not

google cloud platform this does not happen instantaneously as iam is global

happen instantaneously as iam is global as well there is a limit of 100

as well there is a limit of 100 conditional role bindings per policy now

conditional role bindings per policy now getting a little bit deeper into

getting a little bit deeper into conditions

conditions these are attributes that are either

these are attributes that are either based on resource or based on details

based on resource or based on details about the request and this could vary

about the request and this could vary from time stamp to originating or

from time stamp to originating or destination ip address now as you

destination ip address now as you probably heard me use the term earlier

probably heard me use the term earlier conditional role bindings are another

conditional role bindings are another name for a policy that holds a condition

name for a policy that holds a condition within the binding conditional role

within the binding conditional role bindings can be added to new or existing

bindings can be added to new or existing iam policies

iam policies to further control access to google

to further control access to google cloud resources so when it comes to

cloud resources so when it comes to resource attributes this would enable

resource attributes this would enable you to create conditions that evaluate

you to create conditions that evaluate the resource in the access request

the resource in the access request including the resource type the resource

including the resource type the resource name and the google cloud service being

name and the google cloud service being used request attributes allow you to

used request attributes allow you to manage access based on days or hours of

manage access based on days or hours of the week a conditional role binding can

the week a conditional role binding can be used to grant time bounded access to

be used to grant time bounded access to a resource ensuring that a user can no

a resource ensuring that a user can no longer access that resource after the

longer access that resource after the specified expiry date and time and this

specified expiry date and time and this sets temporary access to google cloud

sets temporary access to google cloud resources using conditional role

resources using conditional role bindings in iam policies by using the

bindings in iam policies by using the date time attributes shown here you can

date time attributes shown here you can enforce time-based controls when

enforce time-based controls when accessing a given resource now showing

accessing a given resource now showing another example of a time-based

another example of a time-based condition it is possible to get even

condition it is possible to get even more granular and scope the geographic

more granular and scope the geographic region

region along with the day and time for access

along with the day and time for access in this policy lark only has access

in this policy lark only has access during business hours to view any

during business hours to view any objects within cloud storage lark can

objects within cloud storage lark can only access these objects from monday to

only access these objects from monday to friday nine to five this policy can also

friday nine to five this policy can also be used as a great example for

be used as a great example for contractors coming into your business

contractors coming into your business yet only needing access during business

yet only needing access during business hours now an example of a resource-based

hours now an example of a resource-based condition shown here a group member has

condition shown here a group member has a condition tied to it where dev only

a condition tied to it where dev only access has been implemented any

access has been implemented any developers that are part of this group

developers that are part of this group will only have access to vm resources

will only have access to vm resources within project cat bowties and tied to

within project cat bowties and tied to any resources that's name starts with

any resources that's name starts with the word development now some

the word development now some limitations when it comes to conditions

limitations when it comes to conditions is that conditions are limited to

is that conditions are limited to specific services

specific services primitive roles are unsupported and

primitive roles are unsupported and members cannot be of the all users or

members cannot be of the all users or all authenticated users members

all authenticated users members conditions also hold a limit of 100

conditions also hold a limit of 100 conditional role bindings per policy as

conditional role bindings per policy as well as 20 role bindings for the same

well as 20 role bindings for the same role and same member and so for the last

role and same member and so for the last part of the policy statements i wanted

part of the policy statements i wanted to touch on audit config logs and this

to touch on audit config logs and this specifies the audit configuration for a

specifies the audit configuration for a service the configuration determines

service the configuration determines which permission types are logged and

which permission types are logged and what identities if any are exempted from

what identities if any are exempted from logging and when specifying audit

logging and when specifying audit configs they must have one or more audit

configs they must have one or more audit log configs now as shown here

log configs now as shown here this policy enables data read data write

this policy enables data read data write and admin read logging on all services

and admin read logging on all services while exempting tony bowtie ace

while exempting tony bowtie ace gmail.com

gmail.com from admin read logging on cloud storage

from admin read logging on cloud storage and so that's pretty much all i wanted

and so that's pretty much all i wanted to cover in this lesson

to cover in this lesson on policies policy statements

on policies policy statements and conditions and so i highly recommend

and conditions and so i highly recommend as you come across more policy

as you come across more policy statements take the time to read through

statements take the time to read through it and get to know exactly

it and get to know exactly what the statement is referring to and

what the statement is referring to and what type of permissions that are given

what type of permissions that are given and this will help you not only in the

and this will help you not only in the exam but will also help you in reading

exam but will also help you in reading and writing policy statements in future

and writing policy statements in future and so that's all i have for this lesson

and so that's all i have for this lesson so you can now mark this lesson as

so you can now mark this lesson as complete and let's move on to the next

complete and let's move on to the next one

one [Music]

[Music] welcome back

welcome back and in this demonstration i'm going to

and in this demonstration i'm going to do a hands-on tour working with iam here

do a hands-on tour working with iam here in the google cloud console we're going

in the google cloud console we're going to go through the available services in

to go through the available services in the iam console as well as touching on

the iam console as well as touching on the command line in the cloud shell to

the command line in the cloud shell to show how policies can be both added and

show how policies can be both added and edited we're also going to be bringing

edited we're also going to be bringing in another new user to really bring this

in another new user to really bring this demo to life and to show you how to edit

demo to life and to show you how to edit existing policies so with that being

existing policies so with that being said let's dive in so if i go over here

said let's dive in so if i go over here to my user icon in the top right hand

to my user icon in the top right hand corner i can see that i am logged in as

corner i can see that i am logged in as tony bowtie ace

tony bowtie ace gmail.com and as you can see at the top

gmail.com and as you can see at the top i'm here in project tony so now to get

i'm here in project tony so now to get to iam i'm going to go over to the

to iam i'm going to go over to the navigation menu

navigation menu and i'm going to go to i am in admin and

and i'm going to go to i am in admin and over to iam now moving over here to the

over to iam now moving over here to the menu on the left i wanted to go through

menu on the left i wanted to go through the different options that we have in

the different options that we have in iam so under iam itself this is where

iam so under iam itself this is where you would add or edit permissions

you would add or edit permissions with regards to members and roles for

with regards to members and roles for the policy added to your given project

the policy added to your given project which in my case is project tony and

which in my case is project tony and i'll be coming back in just a bit to go

i'll be coming back in just a bit to go greater in depth with regards to adding

greater in depth with regards to adding and editing the policy permissions

and editing the policy permissions moving on to identity and organization

moving on to identity and organization now although we haven't touched on cloud

now although we haven't touched on cloud identity yet i will be covering this in

identity yet i will be covering this in high level detail in a different lesson

high level detail in a different lesson but for now know that cloud identity is

but for now know that cloud identity is google cloud's identity as a service

google cloud's identity as a service solution and it allows you to create and

solution and it allows you to create and manage users and groups within google

manage users and groups within google cloud now if i was signed into cloud

cloud now if i was signed into cloud identity i would have a whole bunch of

identity i would have a whole bunch of options here but since this is a

options here but since this is a personal account i cannot create or

personal account i cannot create or manage any users as well i do not have a

manage any users as well i do not have a domain tied to any cloud identity

domain tied to any cloud identity account as well as any g suite account

account as well as any g suite account so just know that if you had cloud

so just know that if you had cloud identity or g suite set up you would

identity or g suite set up you would have a bunch of different options to

have a bunch of different options to choose from in order to help you manage

choose from in order to help you manage your users and groups and here under

your users and groups and here under organization policies

organization policies i'm able to manage organization policies

i'm able to manage organization policies but since i am not an organization

but since i am not an organization policy administrator and i don't have an

policy administrator and i don't have an organization there's not much that i can

organization there's not much that i can do here just know that when you have an

do here just know that when you have an organization set up you are able to come

organization set up you are able to come here in order to manage and edit your

here in order to manage and edit your organization policies now moving under

organization policies now moving under quotas we went over this in a little bit

quotas we went over this in a little bit of detail in a previous lesson and again

of detail in a previous lesson and again this is to edit any quotas for any of

this is to edit any quotas for any of your services in case you need a limit

your services in case you need a limit increase moving on to service accounts

increase moving on to service accounts i will be covering this topic in great

i will be covering this topic in great depth in a later lesson and we'll be

depth in a later lesson and we'll be going through a hands-on demonstration

going through a hands-on demonstration as well now i know i haven't touched

as well now i know i haven't touched much on labels as of yet but know that

much on labels as of yet but know that labels are a key value pair that helps

labels are a key value pair that helps you organize and then filter your

you organize and then filter your resources based on their labels these

resources based on their labels these same labels are also forwarded to your

same labels are also forwarded to your billing system so you can then break

billing system so you can then break down your billing charges by label and

down your billing charges by label and you can also use labels based on teams

you can also use labels based on teams cost centers components and even

cost centers components and even environments

environments so for example if i wanted to label my

so for example if i wanted to label my virtual machines by environment i can

virtual machines by environment i can simply use environment as the key and as

simply use environment as the key and as the value i can use anything from

the value i can use anything from development

development to qa

to qa to testing

to testing to production and i could simply add

to production and i could simply add this label and add all the different

this label and add all the different environments and later i'd be able to

environments and later i'd be able to query based on these specific labels now

query based on these specific labels now a good rule of thumb is to label all of

a good rule of thumb is to label all of your resources so that this way you're

your resources so that this way you're able to find them a lot easier and

able to find them a lot easier and you're able to query them a lot easier

you're able to query them a lot easier so moving forward with any of your

so moving forward with any of your resources that you are creating be sure

resources that you are creating be sure to add some labels to give you maximum

to add some labels to give you maximum flexibility so i'm going to discard

flexibility so i'm going to discard these changes and we're going to move on

these changes and we're going to move on to settings and we touched on settings

to settings and we touched on settings in an earlier lesson with regards to

in an earlier lesson with regards to projects and so here i could change the

projects and so here i could change the project name it'll give me the project

project name it'll give me the project id the project number and i'm able to

id the project number and i'm able to migrate or shut down the project now

migrate or shut down the project now when it comes to access transparency

when it comes to access transparency this provides you with logs that capture

this provides you with logs that capture the actions that google personnel take

the actions that google personnel take when they're accessing your content for

when they're accessing your content for troubleshooting so they're like cloud

troubleshooting so they're like cloud audit logs but for google support now in

audit logs but for google support now in order to enable access transparency for

order to enable access transparency for your google cloud organization

your google cloud organization your google cloud account must have a

your google cloud account must have a premium support plan or a minimum level

premium support plan or a minimum level of a 400 a month support plan and

of a 400 a month support plan and because i don't have this i wouldn't be

because i don't have this i wouldn't be able to enable access transparency now

able to enable access transparency now although access transparency is not on

although access transparency is not on the exam

the exam this is a great feature to know about in

this is a great feature to know about in case you are working in any bigger

case you are working in any bigger environments that have these support

environments that have these support plans and compliance is of the utmost

plans and compliance is of the utmost importance now moving into privacy and

importance now moving into privacy and security this is where google supplies

security this is where google supplies all of their clients of google cloud the

all of their clients of google cloud the compliance that they need in order to

compliance that they need in order to meet regulations across the world and

meet regulations across the world and across various industries such as health

across various industries such as health care and education and because google

care and education and because google has a broad base in europe google

has a broad base in europe google provides capabilities and contractual

provides capabilities and contractual commitments created to meet data

commitments created to meet data protection recommendations which is why

protection recommendations which is why you can see here eu model contract

you can see here eu model contract clauses

clauses and eu representative contacts as well

and eu representative contacts as well under transparency and control i'm able

under transparency and control i'm able to disable the usage data that google

to disable the usage data that google collects in order to provide better data

collects in order to provide better data insights and recommendations and this is

insights and recommendations and this is done at the project level and as well i

done at the project level and as well i have the option of going over to my

have the option of going over to my billing account and i could select a

billing account and i could select a different billing account that's linked

different billing account that's linked to some other projects that you can get

to some other projects that you can get recommendations on and so continuing

recommendations on and so continuing forward identity aware proxy is

forward identity aware proxy is something that i will be covering in a

something that i will be covering in a later lesson and so i won't be getting

later lesson and so i won't be getting into any detail about that right now and

into any detail about that right now and so what i really wanted to dig into is

so what i really wanted to dig into is roles now this may look familiar as i

roles now this may look familiar as i touched on this very briefly in a

touched on this very briefly in a previous lesson and here's where i can

previous lesson and here's where i can create roles

create roles i can create some custom roles from

i can create some custom roles from different selections and here i have

different selections and here i have access to all the permissions

access to all the permissions and if i wanted to i can filter down

and if i wanted to i can filter down from the different types the names the

from the different types the names the permissions even the status so let's say

permissions even the status so let's say i was looking for a specific permission

i was looking for a specific permission and i'm looking all the permissions for

and i'm looking all the permissions for projects this could help me find exactly

projects this could help me find exactly what it is that i'm looking for and

what it is that i'm looking for and these filters allow me to get really

these filters allow me to get really granular so i can find the exact

granular so i can find the exact permission and so you can get really

permission and so you can get really granular with regards to your

granular with regards to your permissions and create roles that are

permissions and create roles that are custom to your environment now moving on

custom to your environment now moving on to audit logs here i can enable the auto

to audit logs here i can enable the auto logs without having to use a specific

logs without having to use a specific policy by simply clicking on default

policy by simply clicking on default autoconfig and here i can turn on and

autoconfig and here i can turn on and off

off all the selected logging

all the selected logging as well as add any exempted users now i

as well as add any exempted users now i don't recommend that you turn these on

don't recommend that you turn these on as audit logging can create an extremely

as audit logging can create an extremely large amount of data and can quickly

large amount of data and can quickly blow through all of your 300 credit so

blow through all of your 300 credit so i'm going to keep that off move back to

i'm going to keep that off move back to the main screen of the audit logs and as

the main screen of the audit logs and as well here i'm able to get really

well here i'm able to get really granular about what i want to log now

granular about what i want to log now quickly touching on audit logs in the

quickly touching on audit logs in the command line i wanted to quickly open up

command line i wanted to quickly open up cloud shell and show you an example of

cloud shell and show you an example of how i can edit the policy in order to

how i can edit the policy in order to enable audit logging just going to make

enable audit logging just going to make this a little bit bigger

this a little bit bigger and i'm going to paste in my command

and i'm going to paste in my command gcloud projects get dash iam

gcloud projects get dash iam dash policy

dash policy with the project id which is project

with the project id which is project tony

tony 286016 and i'm gonna just hit enter

286016 and i'm gonna just hit enter and as you can see here this is my

and as you can see here this is my current policy and as well as expected

current policy and as well as expected audit logs are not enabled due to the

audit logs are not enabled due to the fact that the audit config field is not

fact that the audit config field is not present so in order for me to enable the

present so in order for me to enable the audit config logs i'm going to have to

audit config logs i'm going to have to edit the policy and so the easiest way

edit the policy and so the easiest way for me to do that is for me to run the

for me to do that is for me to run the same command and output it to a file

same command and output it to a file where i can edit it and i'm going to

where i can edit it and i'm going to call this

call this new dash policy dot yaml and so now that

new dash policy dot yaml and so now that my policy has been outputted to this

my policy has been outputted to this file i'm going to now go into the editor

file i'm going to now go into the editor and as you can see my new policy.yaml is

and as you can see my new policy.yaml is right here and so for me to enable the

right here and so for me to enable the autoconfig logs i'm going to simply

autoconfig logs i'm going to simply append it to the file and then i'm going

append it to the file and then i'm going to go over here to the top menu

to go over here to the top menu and click on file and save and so now

and click on file and save and so now for me to apply this new policy i'm

for me to apply this new policy i'm going to go back over to the terminal

going to go back over to the terminal and now i'm going to paste in the

and now i'm going to paste in the command

command gcloud projects set dash

gcloud projects set dash iam-policy with the project id and the

iam-policy with the project id and the file name new dash policy dot yaml and

file name new dash policy dot yaml and i'm just going to hit enter

i'm just going to hit enter and as you can see the audit log configs

and as you can see the audit log configs have been enabled for all services and

have been enabled for all services and because this may take some time to

because this may take some time to reflect in the console it will not show

reflect in the console it will not show up right away but either way audit logs

up right away but either way audit logs usually take up a lot of data and i

usually take up a lot of data and i don't want to blow through my 300 credit

don't want to blow through my 300 credit and so i'm going to disable them now the

and so i'm going to disable them now the easiest way for me to do this is to

easiest way for me to do this is to output this policy to another file edit

output this policy to another file edit it and set it again and so i'm going to

it and set it again and so i'm going to go ahead and do that i'm going to first

go ahead and do that i'm going to first clear the screen and then i'm going to

clear the screen and then i'm going to paste in my command while outputting it

paste in my command while outputting it to a new file called updated dash policy

to a new file called updated dash policy dot yaml and i'm gonna hit enter and now

dot yaml and i'm gonna hit enter and now i'm gonna go into the editor so i can

i'm gonna go into the editor so i can edit the file now the one thing i wanted

edit the file now the one thing i wanted to point out is that i could have

to point out is that i could have overwritten

overwritten the file new dash policy but if you look

the file new dash policy but if you look here in the updated policy the e-tag

here in the updated policy the e-tag is different than the e-tag in the old

is different than the e-tag in the old policy and so this allowed me to

policy and so this allowed me to highlight e-tags when it comes to

highlight e-tags when it comes to editing and creating new policies and so

editing and creating new policies and so when editing policies make sure that the

when editing policies make sure that the etag is correct otherwise you will

etag is correct otherwise you will receive an error and not be able to set

receive an error and not be able to set the new policy so going back to the

the new policy so going back to the updated policy file i'm going to take

updated policy file i'm going to take out the audit log configs and i'm going

out the audit log configs and i'm going to leave the auto configs field there

to leave the auto configs field there and i'm going to go to the menu click on

and i'm going to go to the menu click on file and then save now i'm going to go

file and then save now i'm going to go back to the terminal and i'm going to

back to the terminal and i'm going to paste in the new command and this will

paste in the new command and this will update my policy and as you can see the

update my policy and as you can see the audit config logs have been disabled and

audit config logs have been disabled and the policy has been updated now this is

the policy has been updated now this is the same process that you can use when

the same process that you can use when you want to update any parts of the

you want to update any parts of the policy when it comes to your members or

policy when it comes to your members or roles and even adding any conditions so

roles and even adding any conditions so now moving on to the last item on the

now moving on to the last item on the menu

menu is groups

is groups and as you can see here because i do not

and as you can see here because i do not have an organization i'm not able to

have an organization i'm not able to view any groups and so if i did have an

view any groups and so if i did have an organization i could manage my groups

organization i could manage my groups right here in this page now moving back

right here in this page now moving back over to iam

over to iam i wanted to dig into policies in a

i wanted to dig into policies in a little bit of further detail now what we

little bit of further detail now what we see here are the permissions and roles

see here are the permissions and roles that have been granted to selected

that have been granted to selected members in this specific project which

members in this specific project which is project tony now remember an im

is project tony now remember an im policy is a total collection of members

policy is a total collection of members that have roles granted to them in

that have roles granted to them in what's known as a binding and then the

what's known as a binding and then the binding is applied to that layer and all

binding is applied to that layer and all other layers underneath it and since i'm

other layers underneath it and since i'm at the project layer this policy is

at the project layer this policy is inherited by all the resources

inherited by all the resources underneath it and so just to verify

underneath it and so just to verify through the command line i'm going to

through the command line i'm going to open up cloud shell

and i'm going to paste in the command gcloud projects get dash

gcloud projects get dash iam-policy with my project id

iam-policy with my project id and i'm going to hit enter

and i'm going to hit enter and as you can see here the policy is a

and as you can see here the policy is a reflection of exactly what you see here

reflection of exactly what you see here in the console so as you can see here

in the console so as you can see here here's the service agent which you will

here's the service agent which you will find here and the other two service

find here and the other two service accounts which you will find above

accounts which you will find above as well as tony bowtie ace gmail.com and

as well as tony bowtie ace gmail.com and all the other roles that accompany those

all the other roles that accompany those members so as i mentioned earlier i've

members so as i mentioned earlier i've gone ahead and created a new user and so

gone ahead and created a new user and so for those who are following along you

for those who are following along you can go ahead and feel free to create a

can go ahead and feel free to create a new gmail user now going ahead with this

new gmail user now going ahead with this demonstration the user i created is

demonstration the user i created is named laura delightful now tony needed

named laura delightful now tony needed an extra hand and decided to bring her

an extra hand and decided to bring her onto the team from another department

onto the team from another department now unfortunately in order for laura to

now unfortunately in order for laura to help tony on the project she needs

help tony on the project she needs access to this project and as you can

access to this project and as you can see she doesn't have any access and so

see she doesn't have any access and so we're going to go ahead and change that

we're going to go ahead and change that and give her access to this project so

and give her access to this project so i'm going to go back over to my open tab

i'm going to go back over to my open tab for tony bowtie ace and we're gonna go

for tony bowtie ace and we're gonna go ahead and give laura permissions and so

ahead and give laura permissions and so i'm gonna go ahead and click on this add

i'm gonna go ahead and click on this add button at the top of the page and the

button at the top of the page and the prompt will ask me to add a new member

prompt will ask me to add a new member so i'm gonna add laura in here now

so i'm gonna add laura in here now and here she is and i'm going to select

and here she is and i'm going to select the role

the role as project viewer i'm not going to add

as project viewer i'm not going to add any conditions and i'm simply going to

any conditions and i'm simply going to click on save and the policy has been

click on save and the policy has been updated and as you can see here laura

updated and as you can see here laura has been granted the role of project

has been granted the role of project viewer so i'm going to move over to the

viewer so i'm going to move over to the other open tab where laura's console is

other open tab where laura's console is open and i'm going to simply do a

open and i'm going to simply do a refresh

and now laura has access to view all the resources within project tony now laura

resources within project tony now laura is able to view everything in the

is able to view everything in the project but laura isn't actually able to

project but laura isn't actually able to do anything and so in order for laura to

do anything and so in order for laura to get things done a big part of her job is

get things done a big part of her job is going to be creating files with new

going to be creating files with new ideas for the fall winter line of bow

ideas for the fall winter line of bow ties in 2021 and so because laura holds

ties in 2021 and so because laura holds the project viewer role she is able to

the project viewer role she is able to see everything in cloud storage but she

see everything in cloud storage but she is unable to create buckets

is unable to create buckets to upload edit or delete any files or

to upload edit or delete any files or even folders and as you can see here

even folders and as you can see here there is a folder marked bowtie inc

there is a folder marked bowtie inc fallwinter 2021 ideas but laura cannot

fallwinter 2021 ideas but laura cannot create any new buckets because she

create any new buckets because she doesn't have the required permissions as

doesn't have the required permissions as well drilling down into this bucket

well drilling down into this bucket laura is unable to create any folders as

laura is unable to create any folders as explained earlier

explained earlier and the same stands for uploading any

and the same stands for uploading any files and so i'm going to cancel out of

files and so i'm going to cancel out of this and so in order to give laura the

this and so in order to give laura the proper permissions for her to do her job

proper permissions for her to do her job we're going to give laura the storage

we're going to give laura the storage admin role and so moving back over to

admin role and so moving back over to the open console for tony bowtie i'm

the open console for tony bowtie i'm going to give laura access by using the

going to give laura access by using the command line so i'm going to go up to

command line so i'm going to go up to the top right and open up cloud shell

the top right and open up cloud shell and so the command i need to run

and so the command i need to run to give laura the role of storage admin

to give laura the role of storage admin would be the following gcloud projects

would be the following gcloud projects add dash iam dash policy dash binding

add dash iam dash policy dash binding with the project id dash dash member

with the project id dash dash member user followed by colon and then the user

user followed by colon and then the user name which is laura delightful gmail.com

name which is laura delightful gmail.com dash dash role and the role which is

dash dash role and the role which is storage admin and i'm going to go ahead

storage admin and i'm going to go ahead and hit enter

and hit enter and as you can see it has been executed

and as you can see it has been executed successfully so if i do a refresh of the

successfully so if i do a refresh of the web page here i'm going to be able to

web page here i'm going to be able to see the changes reflected in the console

see the changes reflected in the console and after a refresh you can see here

and after a refresh you can see here storage admin has been added to the role

storage admin has been added to the role for laura delightful gmail.com and so if

for laura delightful gmail.com and so if i go over to the open tab where laura

i go over to the open tab where laura has her console open i can simply do a

has her console open i can simply do a refresh

refresh and if i go back to the home page for

and if i go back to the home page for cloud storage you can see here that

cloud storage you can see here that laura now has the permissions to create

laura now has the permissions to create a bucket laura also now has permissions

a bucket laura also now has permissions to create new folders create edit and

to create new folders create edit and delete new files on top of being able to

delete new files on top of being able to create new storage buckets and so that

create new storage buckets and so that about wraps up this demonstration on

about wraps up this demonstration on getting hands-on with iam

getting hands-on with iam in both the console and the command line

in both the console and the command line and i also hope that this demo has given

and i also hope that this demo has given you a bit more confidence

you a bit more confidence on working in the shell running the

on working in the shell running the commands needed in order to create new

commands needed in order to create new bindings along with editing existing

bindings along with editing existing policies

policies and this will get you comfortable for

and this will get you comfortable for when you need to assign roles to new and

when you need to assign roles to new and existing users that are added to your

existing users that are added to your gcp environment and so you can now mark

gcp environment and so you can now mark this lesson as complete

this lesson as complete and let's move on to the next one

welcome back in this lesson i'm going to take a deep dive into service accounts

take a deep dive into service accounts now service accounts play a powerful

now service accounts play a powerful part in google cloud and can allow a

part in google cloud and can allow a different approach for application

different approach for application interaction with the resources in google

interaction with the resources in google cloud now service accounts being both an

cloud now service accounts being both an identity and a resource can cause some

identity and a resource can cause some confusion for some and so i really

confusion for some and so i really wanted to spend some time breaking it

wanted to spend some time breaking it down for better understanding and so i'm

down for better understanding and so i'm first going to start off by explaining

first going to start off by explaining what exactly is a service account and so

what exactly is a service account and so a service account is a special kind of

a service account is a special kind of account that is used by an application

account that is used by an application or a virtual machine instance and not a

or a virtual machine instance and not a person

person an application uses the service account

an application uses the service account to authenticate between the application

to authenticate between the application and gcp services so that the users

and gcp services so that the users aren't directly involved in short it is

aren't directly involved in short it is a special type of google account

a special type of google account intended to represent a non-human user

intended to represent a non-human user that needs to authenticate and be

that needs to authenticate and be authorized to access data in google apis

authorized to access data in google apis this way the service account is the

this way the service account is the identity of the service and the service

identity of the service and the service accounts permissions control which

accounts permissions control which resources the service can access and as

resources the service can access and as a note a service account is identified

a note a service account is identified by its email address

by its email address which is unique to the account now the

which is unique to the account now the different service account types

different service account types come in three different flavors

come in three different flavors user managed

user managed default and google managed service

default and google managed service accounts when it comes to the user

accounts when it comes to the user managed service accounts

managed service accounts these are service accounts that you

these are service accounts that you create

create you're responsible for managing and

you're responsible for managing and securing these accounts

securing these accounts and by default you can create up to 100

and by default you can create up to 100 user managed service accounts in a

user managed service accounts in a project or you can also request a quota

project or you can also request a quota increase in case you need more now when

increase in case you need more now when you create a user managed service

you create a user managed service account in your project it is you that

account in your project it is you that chooses a name for the service account

chooses a name for the service account this name appears in the email address

this name appears in the email address that identifies the service account

that identifies the service account which uses the following format seen

which uses the following format seen here the service account name

here the service account name at the project id dot

at the project id dot iam.gserviceaccount.com

now moving on to the default service accounts

accounts when you use some google cloud services

when you use some google cloud services they create user managed service

they create user managed service accounts that enable the service to

accounts that enable the service to deploy jobs that access other google

deploy jobs that access other google cloud resources these accounts are known

cloud resources these accounts are known as default service accounts so when it

as default service accounts so when it comes to production workloads google

comes to production workloads google strongly recommends that you create your

strongly recommends that you create your own user managed service accounts and

own user managed service accounts and grant the appropriate roles to each

grant the appropriate roles to each service account when a default service

service account when a default service account is created it is automatically

account is created it is automatically granted the editor role on your project

granted the editor role on your project now following the principle of lease

now following the principle of lease privilege google strongly recommends

privilege google strongly recommends that you disable the automatic role

that you disable the automatic role grant

grant by adding a constraint to your

by adding a constraint to your organization policy

organization policy or by revoking the editor role manually

or by revoking the editor role manually the default service account will be

the default service account will be assigned an email address

assigned an email address following the format you see here

following the format you see here project id

project id at appspot.gserviceaccount.com

for any service accounts created by app engine and project number dash compute

engine and project number dash compute at developer.gserviceaccount.com

for compute engine and so lastly when it comes to google managed service accounts

comes to google managed service accounts these are created and managed by google

these are created and managed by google and they are used by google services the

and they are used by google services the display name of most google managed

display name of most google managed service accounts

service accounts ends with a

ends with a gserviceaccount.com address now some of

gserviceaccount.com address now some of these service accounts are visible but

these service accounts are visible but others are hidden so for example

others are hidden so for example google api service agent is a service

google api service agent is a service account named with an email address that

account named with an email address that uses the following format

uses the following format project number at cloudservices.gerisa

and this runs internal google processes on your behalf and this is just one

on your behalf and this is just one example of the many google managed

example of the many google managed services that run in your environment

services that run in your environment and just as a warning it is not

and just as a warning it is not recommended to change or revoke the

recommended to change or revoke the roles that are granted to the google api

roles that are granted to the google api service agent or to any other google

service agent or to any other google managed service accounts for that matter

managed service accounts for that matter if you change or revoke these roles

if you change or revoke these roles some google cloud services will no

some google cloud services will no longer work now when it comes to

longer work now when it comes to authentication for service accounts they

authentication for service accounts they authenticate using service account keys

authenticate using service account keys so each service account is associated

so each service account is associated with two sets of public and private rsa

with two sets of public and private rsa key pairs that are used to authenticate

key pairs that are used to authenticate to google they are the google manage

to google they are the google manage keys and the user manage keys with the

keys and the user manage keys with the google manage keys google stores both

google manage keys google stores both the public and private portion of the

the public and private portion of the key

key rotates them regularly and the private

rotates them regularly and the private key is always held in escrow and is

key is always held in escrow and is never directly accessible iam provides

never directly accessible iam provides apis to use these keys to sign on behalf

apis to use these keys to sign on behalf of the service account now when using

of the service account now when using user managed key pairs this implies that

user managed key pairs this implies that you own both the public and private

you own both the public and private portions of a key pair you can create

portions of a key pair you can create one or more user managed key pairs also

one or more user managed key pairs also known as external keys that can be used

known as external keys that can be used from outside of google cloud google only

from outside of google cloud google only stores the public portion of a user

stores the public portion of a user managed key

managed key so you are responsible for the security

so you are responsible for the security of the private key as well as the key

of the private key as well as the key rotation private keys cannot be

rotation private keys cannot be retrieved by google so if you're using a

retrieved by google so if you're using a user manage key

user manage key please be aware that if you lose your

please be aware that if you lose your key your service account will

key your service account will effectively stop working google

effectively stop working google recommends storing these keys in cloud

recommends storing these keys in cloud kms for better security and better

kms for better security and better management user managed keys are

management user managed keys are extremely powerful credentials and they

extremely powerful credentials and they can represent a security risk if they

can represent a security risk if they are not managed correctly and as you can

are not managed correctly and as you can see here a user managed key has many

see here a user managed key has many different areas that need to be

different areas that need to be addressed when it comes to key

addressed when it comes to key management now when it comes to service

management now when it comes to service account permissions

account permissions in addition to being an identity a

in addition to being an identity a service account is a resource which has

service account is a resource which has im policies attached to it and these

im policies attached to it and these policies determine who can use the

policies determine who can use the service account so for instance

service account so for instance lark can have the editor role on a

lark can have the editor role on a service account and laura can have a

service account and laura can have a viewer role on a service account so this

viewer role on a service account so this is just like granting roles for any

is just like granting roles for any other google cloud resource just as a

other google cloud resource just as a note

note the default compute engine and app

the default compute engine and app engine service accounts are granted

engine service accounts are granted editor roles on the project when they

editor roles on the project when they are created so that the code executing

are created so that the code executing in your app or vm instance has the

in your app or vm instance has the necessary permissions now you can grant

necessary permissions now you can grant the service account user role at both

the service account user role at both the project level for all service

the project level for all service accounts in the project or at the

accounts in the project or at the service account level now granting the

service account level now granting the service account user role to a user for

service account user role to a user for a project

a project gives the user access to all service

gives the user access to all service accounts in the project

accounts in the project including service accounts that may be

including service accounts that may be created in the future granting the

created in the future granting the service account user role to a user for

service account user role to a user for a specific

a specific service account gives a user access to

service account gives a user access to only that service account so please be

only that service account so please be aware when granting the service account

aware when granting the service account user role to any member now users who

user role to any member now users who are granted the service account user

are granted the service account user role on a service account can use it to

role on a service account can use it to indirectly access

indirectly access all the resources to which the service

all the resources to which the service account has access

account has access when this happens the user impersonates

when this happens the user impersonates the service account to perform any tasks

the service account to perform any tasks using its granted roles and permissions

using its granted roles and permissions and is known as service account

and is known as service account impersonation now when it comes to

impersonation now when it comes to service account permissions there is

service account permissions there is also another method use called access

also another method use called access scopes service account scopes are the

scopes service account scopes are the legacy method of specifying permissions

legacy method of specifying permissions for your instance

for your instance and they are used in substitution of iam

and they are used in substitution of iam roles these are used specifically for

roles these are used specifically for default or automatically created service

default or automatically created service accounts based on enabled apis now

accounts based on enabled apis now before the existence of iam roles access

before the existence of iam roles access scopes were the only way for granting

scopes were the only way for granting permissions to service accounts and

permissions to service accounts and although they are not the primary way of

although they are not the primary way of granting permissions now

granting permissions now you must still set service account

you must still set service account scopes when configuring an instance to

scopes when configuring an instance to run as a service account however when

run as a service account however when you are using a custom service account

you are using a custom service account you will not be using scopes rather you

you will not be using scopes rather you will be using iam roles

will be using iam roles so when you are using a default service

so when you are using a default service account for your compute instance it

account for your compute instance it will default to using scopes instead of

will default to using scopes instead of iam roles and so i wanted to quickly

iam roles and so i wanted to quickly touch on how service accounts are used

touch on how service accounts are used now one way of using a service account

now one way of using a service account is to attach this service account to a

is to attach this service account to a resource

resource so if you want to start a long-running

so if you want to start a long-running job that authenticates as a service

job that authenticates as a service account you need to attach a service

account you need to attach a service account to the resource that will run

account to the resource that will run the job and this will bind the service

the job and this will bind the service account to the resource now the other

account to the resource now the other way of using a service account is

way of using a service account is directly impersonating a service account

directly impersonating a service account which i had explained a little bit

which i had explained a little bit earlier so once granted they require

earlier so once granted they require permissions a user or a service can

permissions a user or a service can directly impersonate the identity of a

directly impersonate the identity of a service account in a few common

service account in a few common scenarios you can impersonate the

scenarios you can impersonate the service account without requiring the

service account without requiring the use of a downloaded external service

use of a downloaded external service account key as well a user may get

account key as well a user may get artifacts signed by the google managed

artifacts signed by the google managed private key of the service account

private key of the service account without ever actually retrieving a

without ever actually retrieving a credential for the service account and

credential for the service account and this is an advanced use case and is only

this is an advanced use case and is only supported for programmatic access now

supported for programmatic access now although i'm going to be covering best

although i'm going to be covering best practices

practices at the end of this section i wanted to

at the end of this section i wanted to go over some best practices for service

go over some best practices for service accounts specifically so you should

accounts specifically so you should always look at auditing the service

always look at auditing the service accounts

accounts and their keys

and their keys using either the service account dot

using either the service account dot keys dot list method

keys dot list method or the logs viewer page in the console

or the logs viewer page in the console now if your service accounts don't need

now if your service accounts don't need external keys

external keys you should definitely delete them you

you should definitely delete them you should always grant the service account

should always grant the service account only the minimum set of permissions

only the minimum set of permissions required to achieve the goal

required to achieve the goal service accounts should also be created

service accounts should also be created for each specific service with only the

for each specific service with only the permissions required for that service

permissions required for that service and finally when it comes to

and finally when it comes to implementing key rotation you should

implementing key rotation you should take advantage of the iam service

take advantage of the iam service account api to get the job done and so

account api to get the job done and so that's all i have for this lesson on

that's all i have for this lesson on service accounts

service accounts so you can now mark this lesson as

so you can now mark this lesson as complete

complete and please join me in the next one where

and please join me in the next one where we go hands-on in the console

we go hands-on in the console [Music]

[Music] welcome back

welcome back so in this demonstration i'm going to

so in this demonstration i'm going to take a hands-on tour diving through

take a hands-on tour diving through various aspects of working with both

various aspects of working with both default and custom-made service accounts

default and custom-made service accounts we're going to start off fresh

we're going to start off fresh observing a new service account being

observing a new service account being automatically created along with viewing

automatically created along with viewing scopes observing how to edit them and

scopes observing how to edit them and creating custom service accounts that

creating custom service accounts that get a little bit more granular with the

get a little bit more granular with the permissions assigned so with that being

permissions assigned so with that being said let's dive in so as you can see

said let's dive in so as you can see here from the top right hand corner that

here from the top right hand corner that i am logged in under tony bowtie ace

i am logged in under tony bowtie ace gmail.com and looking over here from the

gmail.com and looking over here from the top drop down menu you can see that i am

top drop down menu you can see that i am in the project of cat bow ties fall 2021

in the project of cat bow ties fall 2021 and this is a brand new project that i

and this is a brand new project that i had created specifically for this demo

had created specifically for this demo and so i currently have no resources

and so i currently have no resources created along with no apis enabled so

created along with no apis enabled so now i want to navigate over to iam so

now i want to navigate over to iam so i'm going to go up to the left hand

i'm going to go up to the left hand corner to the navigation menu

corner to the navigation menu and i'm going to go to i am an admin

and i'm going to go to i am an admin and over to iam and as expected i have

and over to iam and as expected i have no members here other than myself tony

no members here other than myself tony bowtie ace gmail.com with no other

bowtie ace gmail.com with no other members and if i go over here to the

members and if i go over here to the left hand menu under service accounts

left hand menu under service accounts you can see that i have no service

you can see that i have no service accounts created so now in order to

accounts created so now in order to demonstrate a default service account

demonstrate a default service account i'm going to go over to the navigation

i'm going to go over to the navigation menu and go into compute engine and as

menu and go into compute engine and as you can see the compute engine api is

you can see the compute engine api is starting up and so this may take a

starting up and so this may take a couple minutes to get ready okay and the

couple minutes to get ready okay and the compute engine api has been enabled so

compute engine api has been enabled so now if i go back over to iam to take a

now if i go back over to iam to take a look at my service accounts as expected

look at my service accounts as expected i have my compute engine default service

i have my compute engine default service account now again i did not create this

account now again i did not create this manually this service account was

manually this service account was automatically created when i had enabled

automatically created when i had enabled the compute engine api along with the

the compute engine api along with the api's service agent and the compute

api's service agent and the compute engine service agent and the same would

engine service agent and the same would happen to other various apis that are

happen to other various apis that are enabled as well and so now that i have

enabled as well and so now that i have my default service account i want to go

my default service account i want to go back over to compute engine

back over to compute engine and i'm going to go ahead and create a

and i'm going to go ahead and create a vm instance so i'm going to just click

vm instance so i'm going to just click on create

on create i'm going to keep everything as the

i'm going to keep everything as the default except i'm going to change the

default except i'm going to change the machine type from an e2 medium to an e2

machine type from an e2 medium to an e2 micro and so now i'm going to scroll

micro and so now i'm going to scroll down to where it says identity and api

down to where it says identity and api access

access now here under service account you can

now here under service account you can see that the compute engine default

see that the compute engine default service account has been highlighted and

service account has been highlighted and this is because i don't have any other

this is because i don't have any other service accounts that i am able to

service accounts that i am able to select from now when a default service

select from now when a default service account is the only service account you

account is the only service account you have access to

have access to access scopes are the only permissions

access scopes are the only permissions that will be available for you to select

that will be available for you to select from now remember access scopes are the

from now remember access scopes are the legacy method of specifying permissions

legacy method of specifying permissions in google cloud now under access scopes

in google cloud now under access scopes i can select from the allow default

i can select from the allow default access

access allow full access to all cloud apis

allow full access to all cloud apis and set access for each api and so i

and set access for each api and so i want to click on set access for each api

want to click on set access for each api for just a second and so as you can see

for just a second and so as you can see here i have access to set permissions

here i have access to set permissions for each api the difference being is

for each api the difference being is that i only have access to primitive

that i only have access to primitive roles and so now that i'm looking to

roles and so now that i'm looking to grant access to my service account i'm

grant access to my service account i'm going to grant access to cloud storage

going to grant access to cloud storage on a read-only capacity

on a read-only capacity and so now that i have granted

and so now that i have granted permissions for my service account i'm

permissions for my service account i'm going to now create my instance by

going to now create my instance by simply clicking on the create button

simply clicking on the create button and so now that my instance is created

and so now that my instance is created i want to head over to cloud storage to

i want to head over to cloud storage to see exactly what my service account will

see exactly what my service account will have access to so i'm going to go over

have access to so i'm going to go over to my navigation menu and scroll down

to my navigation menu and scroll down and click on storage and as you can see

and click on storage and as you can see here i have created a bucket in advance

here i have created a bucket in advance called bow tie ink fall winter 2012

called bow tie ink fall winter 2012 designs and this is due to bow tie ink

designs and this is due to bow tie ink bringing back some old designs from 2012

bringing back some old designs from 2012 and making them relevant for today and

and making them relevant for today and within that bucket there are a few files

within that bucket there are a few files of different design ideas that were best

of different design ideas that were best sellers back in 2012

sellers back in 2012 that tony bowtie wanted to re-release

that tony bowtie wanted to re-release for the fall winter 2012 collection and

for the fall winter 2012 collection and so with the new granted access to my

so with the new granted access to my default service account i should have

default service account i should have access to view these files so in order

access to view these files so in order to test this i'm going to go back over

to test this i'm going to go back over to the navigation menu and go back to

to the navigation menu and go back to compute engine and i'm going to ssh into

compute engine and i'm going to ssh into my instance

and so now that i've sshed into my virtual machine

virtual machine i wanted to first check to see who is it

i wanted to first check to see who is it that's running the commands is it my

that's running the commands is it my user account or is it my service account

user account or is it my service account and so i'll be able to do this very

and so i'll be able to do this very easily by checking the configuration and

easily by checking the configuration and i can do this by running the command

i can do this by running the command gcloud config list and as you can see my

gcloud config list and as you can see my current configuration is showing that my

current configuration is showing that my service account is the member that is

service account is the member that is being used to run this command in the

being used to run this command in the project of cat bow ties fall 2021 now if

project of cat bow ties fall 2021 now if i wanted to run any commands using my

i wanted to run any commands using my tony bowtie ace

tony bowtie ace gmail.com user account i can simply run

gmail.com user account i can simply run the command gcloud auth login and it

the command gcloud auth login and it will bring me through the login process

will bring me through the login process that we've seen earlier on in the course

that we've seen earlier on in the course for my tony bowtie ace

for my tony bowtie ace gmail.com account but now since i'm

gmail.com account but now since i'm running all my commands using my service

running all my commands using my service account from this compute engine

account from this compute engine instance i'm using the permissions

instance i'm using the permissions granted to that service account that we

granted to that service account that we saw earlier and so since i set the

saw earlier and so since i set the storage scope for the service account to

storage scope for the service account to read only we should be able to see the

read only we should be able to see the cloud storage bucket and all the files

cloud storage bucket and all the files within it by simply running the gsutil

within it by simply running the gsutil command so to list the contents of the

command so to list the contents of the bucket i'm going to type in the command

bucket i'm going to type in the command gsutil ls for list and the name of the

gsutil ls for list and the name of the bucket and the syntax for that would be

bucket and the syntax for that would be gs

gs colon forward slash forward slash

colon forward slash forward slash followed by the name of the bucket which

followed by the name of the bucket which would be bowtie inc

would be bowtie inc fw2012

fw2012 designs

designs and as you can see we're able to view

and as you can see we're able to view all the files that are in the bucket and

all the files that are in the bucket and so it is working as expected and so now

so it is working as expected and so now because i've only granted viewing

because i've only granted viewing permissions for this service account i

permissions for this service account i cannot create any files due to the lack

cannot create any files due to the lack of permissions so for instance if i was

of permissions so for instance if i was to create a file

to create a file using the command touch

using the command touch file one i have now created that file

file one i have now created that file here on the instance so now i want to

here on the instance so now i want to copy this file to my bucket and so i'm

copy this file to my bucket and so i'm going to run the gsutil command

going to run the gsutil command cp for copy

cp for copy file 1 which is the name of my file and

file 1 which is the name of my file and gs

gs colon forward slash forward slash along

colon forward slash forward slash along with the name of the bucket which is bow

with the name of the bucket which is bow tie inc fw

tie inc fw 2012

2012 designs and as expected i am getting an

designs and as expected i am getting an access denied exception with a prompt

access denied exception with a prompt telling me that i have insufficient

telling me that i have insufficient permissions and so now that i've shown

permissions and so now that i've shown you how to create a default service

you how to create a default service account and give it permissions using

account and give it permissions using access scopes let's now create a custom

access scopes let's now create a custom service account and assign it proper

service account and assign it proper permissions

permissions to not only read files from cloud

to not only read files from cloud storage but be able to write files to

storage but be able to write files to cloud storage as well so i'm going to

cloud storage as well so i'm going to now close down this tab

now close down this tab and i'm going to go back over to the

and i'm going to go back over to the navigation menu

navigation menu and go back to iam where we can go in

and go back to iam where we can go in and create our new service account

and create our new service account under service accounts

under service accounts and so as you can see here this is the

and so as you can see here this is the default service account and since we

default service account and since we want to create a custom one i'm going to

want to create a custom one i'm going to go ahead and go up to the top here and

go ahead and go up to the top here and click on the button that says create

click on the button that says create service account

service account and so now i'm prompted to enter some

and so now i'm prompted to enter some information with regards to details of

information with regards to details of this service account including the

this service account including the service account name the account id

service account name the account id along with a description and so i'm

along with a description and so i'm going to call this service account sa

going to call this service account sa hyphen bowtie hyphen demo and as you can

hyphen bowtie hyphen demo and as you can see it automatically propagated the

see it automatically propagated the service account id and i'm going to give

service account id and i'm going to give this service account a description

this service account a description storage read write access

storage read write access and i'm going to click on the button

and i'm going to click on the button create

create and so now i've been prompted to grant

and so now i've been prompted to grant permissions to the service account and i

permissions to the service account and i can do that by simply clicking on the

can do that by simply clicking on the drop down and selecting a roll but i'm

drop down and selecting a roll but i'm looking to get a little bit more

looking to get a little bit more granular and so i'm going to simply type

granular and so i'm going to simply type in storage and as you can see i'm coming

in storage and as you can see i'm coming up with some more granular roles as

up with some more granular roles as opposed to the primitive roles that i

opposed to the primitive roles that i only had access to prior to the search

only had access to prior to the search so i'm going to click on storage object

so i'm going to click on storage object viewer for read access to cloud storage

viewer for read access to cloud storage i'm not going to add any conditions and

i'm not going to add any conditions and i'm going to add another role and this

i'm going to add another role and this time

time i'm going to add storage object creator

i'm going to add storage object creator and so those are all the permissions i

and so those are all the permissions i need for read write access to cloud

need for read write access to cloud storage and so now i can simply click on

storage and so now i can simply click on continue and so now i'm being prompted

continue and so now i'm being prompted to add another user to act as a service

to add another user to act as a service account and this is what we discussed in

account and this is what we discussed in the last lesson about service accounts

the last lesson about service accounts being both a member and a resource now

being both a member and a resource now notice that i have an option for both

notice that i have an option for both the service account users role and the

the service account users role and the service account admins role now as

service account admins role now as discussed earlier the service account

discussed earlier the service account and men's role has the ability to grant

and men's role has the ability to grant other users the role of service account

other users the role of service account user and so because we don't want to do

user and so because we don't want to do that i'm going to leave both of these

that i'm going to leave both of these fields blank

fields blank and simply click on done now i know in

and simply click on done now i know in the last lesson i talked about creating

the last lesson i talked about creating custom keys for authentication

custom keys for authentication in case you're hosting your code on

in case you're hosting your code on premise or on another cloud and so if i

premise or on another cloud and so if i wanted to do that i can simply go to the

wanted to do that i can simply go to the actions menu and click on create key and

actions menu and click on create key and it'll give me the option on creating a

it'll give me the option on creating a private key either using json or p12

private key either using json or p12 format and because i'm not creating any

format and because i'm not creating any keys i'm going to simply click on cancel

keys i'm going to simply click on cancel and so in order for me to apply this

and so in order for me to apply this service account

service account to our vm instance i'm going to now go

to our vm instance i'm going to now go back over to the navigation menu and go

back over to the navigation menu and go back into compute engine and so now in

back into compute engine and so now in order for me to change this service

order for me to change this service account that's currently assigned to

account that's currently assigned to this instance i'm going to go ahead and

this instance i'm going to go ahead and check off this instance and click on

check off this instance and click on stop

stop now please note that in order to change

now please note that in order to change service accounts on any instance you

service accounts on any instance you must stop it first before you can edit

must stop it first before you can edit the service account and so now that the

the service account and so now that the instance has stopped i'm going to drill

instance has stopped i'm going to drill down into this instance one

down into this instance one and i'm going to click on edit

and i'm going to click on edit now i'm going to scroll down to the

now i'm going to scroll down to the bottom

bottom and at the bottom you will find the

and at the bottom you will find the service account field and clicking on

service account field and clicking on the drop down i'll find my custom

the drop down i'll find my custom service account as a bow tie demo so i

service account as a bow tie demo so i want to select this and simply click on

want to select this and simply click on save and so now that i've selected my

save and so now that i've selected my new service account to be used in this

new service account to be used in this vm instance i can now start up the

vm instance i can now start up the instance again to test out the

instance again to test out the permissions that were granted

permissions that were granted and so just as a quick note here i

and so just as a quick note here i wanted to bring your attention to the

wanted to bring your attention to the external ip whenever stopping and

external ip whenever stopping and starting an instance with an ephemeral

starting an instance with an ephemeral ip in other words it is not assigned a

ip in other words it is not assigned a static ip your vm instance will receive

static ip your vm instance will receive a new ip address and i'll be getting

a new ip address and i'll be getting into this in a lot deeper detail in the

into this in a lot deeper detail in the compute engine section of the course and

compute engine section of the course and so now i'm going to ssh into this

so now i'm going to ssh into this instance

instance now i'm going to run the same gsutil

now i'm going to run the same gsutil command that i did previously to list

command that i did previously to list all the files in the bucket so i'm going

all the files in the bucket so i'm going to run the command gsutil ls for list

to run the command gsutil ls for list and gs

and gs colon forward slash forward slash bow

colon forward slash forward slash bow tie inc fw 2012 designs

tie inc fw 2012 designs and as you can see i'm able to read all

and as you can see i'm able to read all the files in the bucket now the

the files in the bucket now the difference in the permissions granted

difference in the permissions granted for the service account is that i'm able

for the service account is that i'm able to write files to cloud storage and so

to write files to cloud storage and so in order to test that i'm going to use

in order to test that i'm going to use the touch command again and i'm going to

the touch command again and i'm going to name the file file2 and so now i'm going

name the file file2 and so now i'm going to copy this file to the cloud storage

to copy this file to the cloud storage bucket by using the command gsutil cp

bucket by using the command gsutil cp file2 and the bucket name

file2 and the bucket name gs colon forward slash forward slash bow

gs colon forward slash forward slash bow tie inc fw 2012 designs and as expected

tie inc fw 2012 designs and as expected the file copied over successfully as we

the file copied over successfully as we do have permissions to write to cloud

do have permissions to write to cloud storage and so before i end this

storage and so before i end this demonstration i wanted to quickly go

demonstration i wanted to quickly go over exactly how to create service

over exactly how to create service accounts

accounts using the command line and so i'm going

using the command line and so i'm going to close down this tab and i'm going to

to close down this tab and i'm going to head up to the top right hand corner and

head up to the top right hand corner and activate my cloud shell i'm going to

activate my cloud shell i'm going to make this window a little bit bigger and

make this window a little bit bigger and so now in order to view the service

so now in order to view the service accounts i currently have

accounts i currently have i'm going to run the command

i'm going to run the command gcloud

gcloud iam

iam service dash accounts

service dash accounts list

and so as expected the compute engine default service account along with the

default service account along with the custom service account that i created

custom service account that i created earlier called sa bowtie demo is now

earlier called sa bowtie demo is now displaying and in order to just verify

displaying and in order to just verify that i'm going to go over to iam

that i'm going to go over to iam under service accounts and as you can

under service accounts and as you can see it is reflecting exactly the same in

see it is reflecting exactly the same in the console so now in order for me to

the console so now in order for me to create a new service account using the

create a new service account using the command line i'm going to run the

command line i'm going to run the command

command gcloud iam service accounts create

gcloud iam service accounts create and the name of the service account

and the name of the service account which i'm going to call sa-tony bowtie

which i'm going to call sa-tony bowtie along with the display name as essay

along with the display name as essay tony bowtie as well and i'm going to hit

tony bowtie as well and i'm going to hit enter

enter and my service account has been created

and my service account has been created so now if i run the command gcloud i am

so now if i run the command gcloud i am service accounts list

service accounts list i should see my new service account and

i should see my new service account and as well if i did a refresh here on the

as well if i did a refresh here on the console i can see that it is reflecting

console i can see that it is reflecting the same so now that we've created our

the same so now that we've created our new service account we need to assign

new service account we need to assign some permissions to it in order for us

some permissions to it in order for us to be able to use it and so if i go over

to be able to use it and so if i go over here to iam in the console i can see

here to iam in the console i can see here that my service account has not

here that my service account has not been assigned any permissions and so in

been assigned any permissions and so in order to do that i am going to simply

order to do that i am going to simply run the command

run the command gcloud projects

gcloud projects add dash iam-policy-binding

add dash iam-policy-binding so we're adding a policy binding and

so we're adding a policy binding and then the name of the project catbow ties

then the name of the project catbow ties fall 2021 we need to add the member

fall 2021 we need to add the member which is the new service account email

which is the new service account email address along with the role of storage

address along with the role of storage object viewer i'm going to hit enter

object viewer i'm going to hit enter and as you can see

and as you can see my member sa tony bowtie has been

my member sa tony bowtie has been assigned the storage object viewer role

assigned the storage object viewer role and so if i wanted to grant some other

and so if i wanted to grant some other roles to the service account i can do

roles to the service account i can do that as well and so if i did a refresh

that as well and so if i did a refresh here i can see that the console reflects

here i can see that the console reflects exactly the same and so in order for me

exactly the same and so in order for me to use this account in my instance i'm

to use this account in my instance i'm going to first have to stop my instance

going to first have to stop my instance attach my service account and then start

attach my service account and then start up my instance again so i'm going to go

up my instance again so i'm going to go over to my cloud shell i'm just going to

over to my cloud shell i'm just going to clear the screen and i'm going to paste

clear the screen and i'm going to paste in the command gcloud compute instances

in the command gcloud compute instances stop the name of the instance along with

stop the name of the instance along with the zone and now that the instance has

the zone and now that the instance has stopped i can now add my surface account

stopped i can now add my surface account to the instance and so i'm going to use

to the instance and so i'm going to use the command gcloud compute instances

the command gcloud compute instances set service account instance 1

set service account instance 1 along with the zone and the service

along with the zone and the service account email address i'm going to go

account email address i'm going to go ahead and hit enter

ahead and hit enter and it has now been successfully added

and it has now been successfully added and so now that that's done i can now

and so now that that's done i can now start up the instance by using the

start up the instance by using the command gcloud compute instances start

command gcloud compute instances start along with the instance name and the

along with the instance name and the zone and so now if i go over to my

zone and so now if i go over to my navigation menu and go over to compute

navigation menu and go over to compute engine and drill down on the instance if

engine and drill down on the instance if i scroll down to the bottom

i scroll down to the bottom i'll be able to see that my new service

i'll be able to see that my new service account has been added

account has been added and so this is a great demonstration for

and so this is a great demonstration for when you want to add different service

when you want to add different service accounts for your different applications

accounts for your different applications on different instances or even on

on different instances or even on different resources and so that's pretty

different resources and so that's pretty much all i wanted to cover in this

much all i wanted to cover in this demonstration so you can now mark this

demonstration so you can now mark this lesson as complete and let's move on to

lesson as complete and let's move on to the next one

welcome back in this lesson i'm going to dive into

in this lesson i'm going to dive into cloud identity google's identity as a

cloud identity google's identity as a service offering for google cloud that

service offering for google cloud that maximizes end user efficiency protect

maximizes end user efficiency protect company data

company data and so much more

and so much more now cloud identity as i said before is

now cloud identity as i said before is an identity as a service solution that

an identity as a service solution that centrally manages users and groups this

centrally manages users and groups this would be the sole system for

would be the sole system for authentication and that provides a

authentication and that provides a single sign-on experience for all

single sign-on experience for all employees of an organization to be used

employees of an organization to be used for all your internal and external

for all your internal and external applications cloud identity also gives

applications cloud identity also gives you more control over the accounts that

you more control over the accounts that are used in your organization for

are used in your organization for example if developers in your

example if developers in your organization use personal accounts such

organization use personal accounts such as gmail accounts those accounts are

as gmail accounts those accounts are outside of your control

outside of your control so when you adopt cloud identity you can

so when you adopt cloud identity you can manage access and compliance across all

manage access and compliance across all the users in your domain now when you

the users in your domain now when you adopt cloud identity you create a cloud

adopt cloud identity you create a cloud identity account for each of your users

identity account for each of your users and groups you can then use iam to

and groups you can then use iam to manage access to google cloud resources

manage access to google cloud resources for each cloud identity account and you

for each cloud identity account and you can also configure cloud identity to

can also configure cloud identity to federate identities between google and

federate identities between google and other identity providers such as active

other identity providers such as active directory and azure active directory and

directory and azure active directory and i'll be getting more into that a little

i'll be getting more into that a little bit later

bit later so now when it comes to cloud identity

so now when it comes to cloud identity it gives you so much more than just user

it gives you so much more than just user and group management it provides a slew

and group management it provides a slew of features such as device management

of features such as device management security

security single sign-on

single sign-on reporting

reporting and directory management

and directory management and i will be diving deeper into each

and i will be diving deeper into each one of these features of cloud identity

one of these features of cloud identity now starting with device management

now starting with device management this lets people in any organization

this lets people in any organization access their work accounts from mobile

access their work accounts from mobile devices while keeping the organization's

devices while keeping the organization's data more secure in today's world

data more secure in today's world employees want to access business

employees want to access business applications from wherever they are

applications from wherever they are whether at home at work

whether at home at work or even traveling

or even traveling and many even want to use their own

and many even want to use their own devices which is also known as bring

devices which is also known as bring your own device or byod for short using

your own device or byod for short using mobile device management there are

mobile device management there are several ways that you can provide the

several ways that you can provide the business applications employees need

business applications employees need on their personal devices while

on their personal devices while implementing policies that keep the

implementing policies that keep the corporate data safe you can create a

corporate data safe you can create a white list of approved applications

white list of approved applications where users can access corporate data

where users can access corporate data securely through those applications

securely through those applications you can enforce work profiles on android

you can enforce work profiles on android devices and requiring managed

devices and requiring managed applications on ios devices policies can

applications on ios devices policies can also be pushed out on these devices to

also be pushed out on these devices to protect corporate data and identities as

protect corporate data and identities as well as keeping inventory of devices

well as keeping inventory of devices with corporate data present then when

with corporate data present then when these devices are either no longer being

these devices are either no longer being used for corporate use or stolen the

used for corporate use or stolen the device can then be wiped of all its

device can then be wiped of all its corporate data device management also

corporate data device management also gives organizations the power to enforce

gives organizations the power to enforce passcodes

passcodes as well as auditing now moving into the

as well as auditing now moving into the security component of cloud identity

security component of cloud identity this is where two-step verification

this is where two-step verification steps in now as explained earlier

steps in now as explained earlier two-step verification or to sv

two-step verification or to sv is a security feature that requires

is a security feature that requires users to verify their identity through

users to verify their identity through something they know such as a password

something they know such as a password plus something they have such as a

plus something they have such as a physical key or access code and this can

physical key or access code and this can be anything from security keys to google

be anything from security keys to google prompt

prompt the authenticator app and backup codes

the authenticator app and backup codes so cloud identity helps by applying

so cloud identity helps by applying security best practices along with being

security best practices along with being able to deploy

able to deploy two-step verification for the whole

two-step verification for the whole company along with enforcement controls

company along with enforcement controls and can also manage passwords to make

and can also manage passwords to make sure they are meeting the enforced

sure they are meeting the enforced password requirements automatically so

password requirements automatically so single sign-on is where users can access

single sign-on is where users can access many applications

many applications without having to enter their username

without having to enter their username and password for each application single

and password for each application single sign-on also known as sso can provide a

sign-on also known as sso can provide a single point of authentication through

single point of authentication through an identity provider also known as idp

an identity provider also known as idp for short you can set up sso using

for short you can set up sso using google as an identity provider to access

google as an identity provider to access a slew of third-party applications

a slew of third-party applications as well as any on-premise or custom

as well as any on-premise or custom in-house applications you can also

in-house applications you can also access a centralized dashboard for

access a centralized dashboard for conveniently accessing your applications

conveniently accessing your applications so now when lisa logs in with her

so now when lisa logs in with her employee credentials she will then have

employee credentials she will then have access to many cloud applications that

access to many cloud applications that bowtie inc it department has approved

bowtie inc it department has approved through a catalog of sso applications

through a catalog of sso applications and this will increase both security and

and this will increase both security and productivity for lisa and bowtie inc as

productivity for lisa and bowtie inc as lisa won't have to enter

lisa won't have to enter a separate username and password for

a separate username and password for separate applications now getting into

separate applications now getting into reporting this covers audit logs for

reporting this covers audit logs for logins groups devices and even tokens

logins groups devices and even tokens you're even able to export these logs to

you're even able to export these logs to bigquery for analysis

bigquery for analysis and then you can create reports from

and then you can create reports from these logs that cover security

these logs that cover security applications and activity

applications and activity now moving on to the last component of

now moving on to the last component of cloud identity is directory management

cloud identity is directory management and this provides profile information

and this provides profile information for users in your organization

for users in your organization email

email and group addresses and shared external

and group addresses and shared external contacts in the directory using google

contacts in the directory using google cloud directory sync or gcds you can

cloud directory sync or gcds you can synchronize the data in your google

synchronize the data in your google account with your microsoft active

account with your microsoft active directory or ldap server gcds doesn't

directory or ldap server gcds doesn't migrate any content such as your email

migrate any content such as your email your calendar events or your files to

your calendar events or your files to your google account gcds is used to

your google account gcds is used to synchronize all your users groups and

synchronize all your users groups and shared contacts to match the information

shared contacts to match the information in your ldap server which could be your

in your ldap server which could be your active directory server or your azure

active directory server or your azure active directory domain now getting

active directory domain now getting deeper into google cloud directory sync

deeper into google cloud directory sync i'd like to touch on active directory

i'd like to touch on active directory for just a minute now active directory

for just a minute now active directory is a very common directory service

is a very common directory service developed by microsoft and is a

developed by microsoft and is a cornerstone in most big corporate

cornerstone in most big corporate on-premises environments it

on-premises environments it authenticates and authorizes all users

authenticates and authorizes all users and computers in a windows domain type

and computers in a windows domain type network signing and enforcing security

network signing and enforcing security policies for all computers and

policies for all computers and installing or updating software as

installing or updating software as necessary now as you can see here in the

necessary now as you can see here in the diagram the active directory forest

diagram the active directory forest contains the active directory domain a

contains the active directory domain a bowtieinc.co

bowtieinc.co and the active directory federation

and the active directory federation services of bowtieinc.co where the

services of bowtieinc.co where the active directory forest is the

active directory forest is the hierarchical structure for active

hierarchical structure for active directory the active directory domain is

directory the active directory domain is responsible for storing information

responsible for storing information about members of the domain including

about members of the domain including devices and users and it verifies their

devices and users and it verifies their credentials and defines their access

credentials and defines their access rights active directory federation

rights active directory federation services or adfs

services or adfs is a single sign-on service where

is a single sign-on service where federation is the means of linking a

federation is the means of linking a person's electronic identity and

person's electronic identity and attributes stored across multiple

attributes stored across multiple distinct identity management systems so

distinct identity management systems so you can think of it as a subset of sso

you can think of it as a subset of sso as it relates only to authentication

as it relates only to authentication technologies used for federated identity

technologies used for federated identity include some common terms that you may

include some common terms that you may hear me or others in the industry use

hear me or others in the industry use from time to time such as saml which

from time to time such as saml which stands for security assertion markup

stands for security assertion markup language oauth open id and even security

language oauth open id and even security tokens such as simple web tokens json

tokens such as simple web tokens json web tokens and saml assertions and so

web tokens and saml assertions and so when you have identities already in your

when you have identities already in your on-premises environment that live in

on-premises environment that live in active directory you need a way to tie

active directory you need a way to tie these identities to the cloud and so

these identities to the cloud and so here's where you would use google cloud

here's where you would use google cloud directory sync to automatically

directory sync to automatically provision users and groups from active

provision users and groups from active directory to cloud identity or g suite

directory to cloud identity or g suite google cloud directory sync is a free

google cloud directory sync is a free google provided tool that implements the

google provided tool that implements the synchronization process and can be run

synchronization process and can be run on google cloud or in your on-premises

on google cloud or in your on-premises environment synchronization is one way

environment synchronization is one way so that active directory remains the

so that active directory remains the source of truth cloud identity or g

source of truth cloud identity or g suite uses active directory federation

suite uses active directory federation services or adfs for single sign-on any

services or adfs for single sign-on any existing corporate applications and

existing corporate applications and other sas services can continue to use

other sas services can continue to use your adfs as an identity provider now i

your adfs as an identity provider now i know this may be a review for some who

know this may be a review for some who are advanced in this topic but for those

are advanced in this topic but for those who aren't this is a very important

who aren't this is a very important topic to know as google cloud directory

topic to know as google cloud directory sync is a big part of cloud identity and

sync is a big part of cloud identity and is a common way that is used in many

is a common way that is used in many corporate environments to sync active

corporate environments to sync active directory or any other ldap server to

directory or any other ldap server to google cloud especially when you want to

google cloud especially when you want to keep your active directory as the single

keep your active directory as the single source of truth and so that's pretty

source of truth and so that's pretty much all i wanted to cover

much all i wanted to cover when it comes to cloud identity and

when it comes to cloud identity and google cloud directory sync so you can

google cloud directory sync so you can now mark this lesson as complete and

now mark this lesson as complete and let's move on to the next one

let's move on to the next one [Music]

[Music] welcome back now i wanted to close out

welcome back now i wanted to close out this section by briefly going over the

this section by briefly going over the best practices to follow when working

best practices to follow when working with identity and access management so

with identity and access management so the phrase that was discussed in the

the phrase that was discussed in the beginning of this lesson that will

beginning of this lesson that will continuously come up in the exam is the

continuously come up in the exam is the principle of least privilege and again

principle of least privilege and again this is where you would apply only the

this is where you would apply only the minimal access level required for what

minimal access level required for what is needed to be done and this can be

is needed to be done and this can be done using predefined roles which is a

done using predefined roles which is a more granular level role than using

more granular level role than using primitive roles which are very wide

primitive roles which are very wide scoped roles that are applied to the

scoped roles that are applied to the whole project roles should also be

whole project roles should also be granted at the smallest scope necessary

granted at the smallest scope necessary so for instance when assigning somebody

so for instance when assigning somebody the permissions needed

the permissions needed for managing pre-existing compute

for managing pre-existing compute instances assigning a compute instance

instances assigning a compute instance admin role might be sufficient for what

admin role might be sufficient for what they need to do as opposed to assigning

they need to do as opposed to assigning them the compute instance role that has

them the compute instance role that has full control of all compute engine

full control of all compute engine instance resources now when it comes to

instance resources now when it comes to child resources they cannot restrict

child resources they cannot restrict access granted on its parent

access granted on its parent so always remember to check the policy

so always remember to check the policy granted on every resource and make sure

granted on every resource and make sure you understand the hierarchical

you understand the hierarchical inheritance you also want to make sure

inheritance you also want to make sure that you restrict access to members

that you restrict access to members abilities to create and manage service

abilities to create and manage service accounts

accounts as users who are granted the service

as users who are granted the service account actor role for a service account

account actor role for a service account can access all the resources for which

can access all the resources for which the service account has access and

the service account has access and granting someone with the owner role

granting someone with the owner role should be used with caution as they will

should be used with caution as they will have access to modify almost all

have access to modify almost all resources

resources project-wide including iam policies and

project-wide including iam policies and billing granting an editor role might be

billing granting an editor role might be more sufficient for the needs of most

more sufficient for the needs of most when using primitive roles

when using primitive roles now when dealing with resource hierarchy

now when dealing with resource hierarchy to make it easy on how to structure your

to make it easy on how to structure your environment

environment you should look at mirroring your google

you should look at mirroring your google cloud resource hierarchy structure to

cloud resource hierarchy structure to your organizational structure in other

your organizational structure in other words the google cloud resource

words the google cloud resource hierarchy should reflect how your

hierarchy should reflect how your company is organized you should also use

company is organized you should also use projects to group resources that share

projects to group resources that share the same trust boundary as well as

the same trust boundary as well as setting policies at the organization

setting policies at the organization level and at the project level rather

level and at the project level rather than at the resource level now going

than at the resource level now going back to what we discussed earlier about

back to what we discussed earlier about the principle of least privilege

the principle of least privilege you should use this guideline to grant

you should use this guideline to grant iam roles that is

iam roles that is only give the least amount of access

only give the least amount of access necessary to your resources and when

necessary to your resources and when granting roles across multiple projects

granting roles across multiple projects it is recommended to grant them at the

it is recommended to grant them at the folder level instead of at the project

folder level instead of at the project level

level now diving back into service accounts a

now diving back into service accounts a separate trust boundary should always be

separate trust boundary should always be applied for any given application in

applied for any given application in other words create a new service account

other words create a new service account when multiple components are involved in

when multiple components are involved in your application you also want to make

your application you also want to make sure that you don't delete any service

sure that you don't delete any service accounts that are in use by running

accounts that are in use by running instances as your application is likely

instances as your application is likely to fail

to fail so you will want to schedule this during

so you will want to schedule this during plan down time to avoid any outages now

plan down time to avoid any outages now earlier on in this section we discussed

earlier on in this section we discussed service account keys and how they

service account keys and how they interact with google cloud and that is

interact with google cloud and that is the main authentication mechanism used

the main authentication mechanism used for keys so you want to make sure that

for keys so you want to make sure that any user managed keys are rotated

any user managed keys are rotated periodically to avoid being compromised

periodically to avoid being compromised you can rotate a key by creating a new

you can rotate a key by creating a new key switching applications to use the

key switching applications to use the new key and then deleting the old key

new key and then deleting the old key but be sure to create the new key first

but be sure to create the new key first before deleting the old one as this will

before deleting the old one as this will result in parts or even your entire

result in parts or even your entire application failing and also when

application failing and also when working with service account keys it's

working with service account keys it's always good practice to name your

always good practice to name your service keys and this will reflect your

service keys and this will reflect your use for those keys and permissions for

use for those keys and permissions for those keys so you know what they are

those keys so you know what they are used for when you're looking at them now

used for when you're looking at them now when you are giving access to service

when you are giving access to service accounts you want to make sure that only

accounts you want to make sure that only those who truly need access are the ones

those who truly need access are the ones that have it

that have it others in your environment should be

others in your environment should be restricted to avoid any misuse now when

restricted to avoid any misuse now when it comes to keeping your service account

it comes to keeping your service account keys safe i can't stress this enough you

keys safe i can't stress this enough you never want to check in these keys source

never want to check in these keys source code or leave them in your downloads

code or leave them in your downloads directory as this is a prime way of not

directory as this is a prime way of not only getting your keys compromised but

only getting your keys compromised but compromising your entire environment to

compromising your entire environment to be accessed publicly

be accessed publicly now we touched a bit on auditing but we

now we touched a bit on auditing but we haven't really gone into it in detail

haven't really gone into it in detail and we'll be going into it later on in

and we'll be going into it later on in the course but touching on best

the course but touching on best practices

practices you want to be sure to check your cloud

you want to be sure to check your cloud audit logs regularly and audit all i am

audit logs regularly and audit all i am policy changes whenever you edit any iam

policy changes whenever you edit any iam policies a log is generated that records

policies a log is generated that records that change and so you always want to

that change and so you always want to periodically check these logs to make

periodically check these logs to make sure that there are no changes that are

sure that there are no changes that are out of your security scope you also want

out of your security scope you also want to check to see

to check to see who has editing permissions on these iam

who has editing permissions on these iam policies and make sure that those who

policies and make sure that those who hold them have the rights to do so point

hold them have the rights to do so point being is that you want to restrict who

being is that you want to restrict who has the ability to edit policies and

has the ability to edit policies and once these audit logs have been

once these audit logs have been generated you want to export them to

generated you want to export them to cloud storage so that you're able to

cloud storage so that you're able to store them for long term retention as

store them for long term retention as these logs are typically held for weeks

these logs are typically held for weeks and not years getting back to service

and not years getting back to service account keys

account keys service account key access should be

service account key access should be periodically audited for viewing of any

periodically audited for viewing of any misuse or unauthorized access and lastly

misuse or unauthorized access and lastly audit logs should also be restricted to

audit logs should also be restricted to only those who need access and others

only those who need access and others should have no permissions to view them

should have no permissions to view them and this can be done by adding a role to

and this can be done by adding a role to be able to view these logs now when

be able to view these logs now when touching on policy management you want

touching on policy management you want to grant access to all projects in your

to grant access to all projects in your organization by using an organization

organization by using an organization level policy you also want to grant

level policy you also want to grant roles to a google group instead of

roles to a google group instead of individual users as it is easier to add

individual users as it is easier to add or remove members from a google group

or remove members from a google group instead of updating an im policy and

instead of updating an im policy and finally when you need to grant multiple

finally when you need to grant multiple roles to a task you should create a

roles to a task you should create a google group as it is a lot easier to

google group as it is a lot easier to grant the roles to that group and then

grant the roles to that group and then add the users to that group as opposed

add the users to that group as opposed to adding roles to each individual user

to adding roles to each individual user and so that's all i wanted to cover on

and so that's all i wanted to cover on this short yet very important lesson on

this short yet very important lesson on best practices when it comes to iam now

best practices when it comes to iam now i know this is not the most exciting

i know this is not the most exciting topic but will become extremely

topic but will become extremely necessary when you are dealing with

necessary when you are dealing with managing users groups and policies in

managing users groups and policies in environments that require you to use iam

environments that require you to use iam securely and so please keep this in mind

securely and so please keep this in mind whenever you are working in any

whenever you are working in any environment as it will help you grant

environment as it will help you grant the proper permissions when it comes to

the proper permissions when it comes to these different topics so now i highly

these different topics so now i highly recommend that you take a break grab a

recommend that you take a break grab a tea or coffee before moving on into the

tea or coffee before moving on into the next section and so for now you can mark

next section and so for now you can mark this lesson as complete and whenever

this lesson as complete and whenever you're ready please join me in the next

you're ready please join me in the next section

section [Music]

[Music] welcome back

welcome back now i wanted to make this as easy as

now i wanted to make this as easy as possible for those students who do not

possible for those students who do not have a background in networking or any

have a background in networking or any networking knowledge in general which is

networking knowledge in general which is why i wanted to add this quick

why i wanted to add this quick networking refresher to kick off the

networking refresher to kick off the networking section of this course so

networking section of this course so with that being said let's dive in so

with that being said let's dive in so before the internet computers were

before the internet computers were standalone and didn't have the

standalone and didn't have the capabilities to send emails

capabilities to send emails transfer files or share any information

transfer files or share any information fast forward some time

fast forward some time people started to connect their

people started to connect their computers together to share and be able

computers together to share and be able to do the things that modern networks

to do the things that modern networks can do today part of being in this

can do today part of being in this network is being able to identify each

network is being able to identify each computer to know where to send and

computer to know where to send and receive files

receive files this problem was solved by using an

this problem was solved by using an address to identify each computer on the

address to identify each computer on the network like humans use a street address

network like humans use a street address to identify where they live

to identify where they live so that mail and packages can be

so that mail and packages can be delivered to them an ip address is used

delivered to them an ip address is used to identify a computer or device on any

to identify a computer or device on any network so communication between

network so communication between machines was done by the use of an ip

machines was done by the use of an ip address

address a numerical label assigned to each

a numerical label assigned to each device connected to a computer network

device connected to a computer network that uses the internet protocol for

that uses the internet protocol for communication also known as ip for short

communication also known as ip for short so for this system to work a

so for this system to work a communication system was put in place

communication system was put in place that defined how the network would

that defined how the network would function

function this system was put together as a

this system was put together as a consistent model of protocol layers

consistent model of protocol layers defining interoperability

defining interoperability between network devices and software in

between network devices and software in layers

layers to standardize how different protocols

to standardize how different protocols would communicate in this stack this

would communicate in this stack this stack is referred to as the open systems

stack is referred to as the open systems interconnection model or you may hear

interconnection model or you may hear many refer to it as the seven layer osi

many refer to it as the seven layer osi model now this is not a deep dive

model now this is not a deep dive networking course but i did feel the

networking course but i did feel the need to cover that which is necessary

need to cover that which is necessary for the understanding of the elements

for the understanding of the elements taught in this course

taught in this course for those wanting to learn more about

for those wanting to learn more about the osi model and the layers within it

the osi model and the layers within it please check out the links that i have

please check out the links that i have included in the lesson text below

included in the lesson text below so for this lesson and the next i will

so for this lesson and the next i will be covering the specific layers with its

be covering the specific layers with its protocols that are highlighted here and

protocols that are highlighted here and will help you understand the networking

will help you understand the networking concepts in this course with a bit

concepts in this course with a bit better clarity

better clarity so i'll be covering a layer 3 being the

so i'll be covering a layer 3 being the network layer layer 4 being the

network layer layer 4 being the transport layer and layer 7 being the

transport layer and layer 7 being the application layer so first up i will be

application layer so first up i will be covering layer 3 which is the networking

covering layer 3 which is the networking layer along with the internet protocol

layer along with the internet protocol now there are two versions of the

now there are two versions of the internet protocol and are managed

internet protocol and are managed globally by the regional internet

globally by the regional internet registries also known as the rir the

registries also known as the rir the first one which is ipv4

first one which is ipv4 is the original version of the internet

is the original version of the internet protocol that first came on the scene in

protocol that first came on the scene in 1981 the second version is ipv6 which is

1981 the second version is ipv6 which is a newer version designed in 2017 to deal

a newer version designed in 2017 to deal with the problem of ipv4 address

with the problem of ipv4 address exhaustion meaning that the amount of

exhaustion meaning that the amount of usable ips were slowly being used up

usable ips were slowly being used up and i will be covering both versions of

and i will be covering both versions of the internet protocol in a little bit of

the internet protocol in a little bit of depth so let's first dive into ipv

depth so let's first dive into ipv version 4. so ipv4 can be read in a

version 4. so ipv4 can be read in a human readable notation represented in

human readable notation represented in dotted decimal notation consisting of

dotted decimal notation consisting of four numbers

four numbers each ranging from 0 to 255 separated by

each ranging from 0 to 255 separated by dots each part between the dots

dots each part between the dots represents a group of 8 bits also known

represents a group of 8 bits also known as an octet a valid range for an ip

as an octet a valid range for an ip address starts from 0.0.0.0

and this would give you a total number of over 4.2 billion ip addresses now

of over 4.2 billion ip addresses now this range was viewed as extremely large

this range was viewed as extremely large back then until the number of ip

back then until the number of ip addresses available were quickly

addresses available were quickly dwindling due to the many ipconnected

dwindling due to the many ipconnected devices that we have today

devices that we have today and this is when a new addressing

and this is when a new addressing architecture was introduced called

architecture was introduced called classful addressing where the address

classful addressing where the address was split into smaller ranges and this

was split into smaller ranges and this was originally assigned to you when you

was originally assigned to you when you needed an ip address by one of the

needed an ip address by one of the registries noted before so for any given

registries noted before so for any given ip address they're typically made of two

ip address they're typically made of two separate components the first part of

separate components the first part of the address is used to identify the

the address is used to identify the network that the address is a part of

network that the address is a part of the part that comes afterwards is used

the part that comes afterwards is used to specify a specific host within that

to specify a specific host within that network now the first part was assigned

network now the first part was assigned to you and your business by the

to you and your business by the registries

registries and the second part was for you to do it

and the second part was for you to do it as you'd like and so these ip addresses

as you'd like and so these ip addresses were assigned from the smaller ranges

were assigned from the smaller ranges explained earlier called classes the

explained earlier called classes the first range of classes is class a

first range of classes is class a and it started at 0.0.0.0

and it started at 0.0.0.0 and ended at 127.255

and this would give a total number of over 2.1 billion addresses with 128

over 2.1 billion addresses with 128 different networks class a ip addresses

different networks class a ip addresses can support over 16 million hosts per

can support over 16 million hosts per network and those who were assigned

network and those who were assigned addresses in this class

addresses in this class had a fixed value of the first octet the

had a fixed value of the first octet the second third and fourth octet was free

second third and fourth octet was free for the business to assign as they

for the business to assign as they choose class a ip addresses were to be

choose class a ip addresses were to be used by huge networks like those

used by huge networks like those deployed by internet service providers

deployed by internet service providers and so when ips started to dwindle many

and so when ips started to dwindle many companies return these class a network

companies return these class a network blocks back to the registries to assist

blocks back to the registries to assist with extending addressing capacity and

with extending addressing capacity and so the next range is class b and this is

so the next range is class b and this is half the size of the class a network the

half the size of the class a network the class b network range started at one at

class b network range started at one at 128.0.0.0

and carries a total number of over 1 billion ip addresses with over 16 000

billion ip addresses with over 16 000 networks the fixed value in this class

networks the fixed value in this class is of the first and second octet the

is of the first and second octet the third and fourth octet can be done with

third and fourth octet can be done with as you like ip addresses in this class

as you like ip addresses in this class were to be used for medium and large

were to be used for medium and large size networks in enterprises and

size networks in enterprises and organizations the next range is class c

organizations the next range is class c and this is half the size of the class b

and this is half the size of the class b network the class c network range starts

network the class c network range starts at 192

and carries a total of over half a billion addresses with over two million

billion addresses with over two million networks and can support up to

networks and can support up to 256 hosts the fixed value of this class

256 hosts the fixed value of this class is the first second and third octet and

is the first second and third octet and the fourth can be done with as you like

the fourth can be done with as you like ip addresses in this class

ip addresses in this class were the most common class and were to

were the most common class and were to be used in small business and home

be used in small business and home networks now there's a couple more

networks now there's a couple more classes that were not commonly used

classes that were not commonly used called class d and class e

called class d and class e and this is beyond the scope of this

and this is beyond the scope of this course so we won't be discussing this

course so we won't be discussing this and so this was the way that was used to

and so this was the way that was used to assign public ip addresses to devices on

assign public ip addresses to devices on the internet and allowed communication

the internet and allowed communication between devices now the problem with

between devices now the problem with classful addressing was that with

classful addressing was that with businesses that needed larger address

businesses that needed larger address blocks than a class c network provided

blocks than a class c network provided they received a class b block which in

they received a class b block which in most cases was much larger than required

most cases was much larger than required and the same thing happened with

and the same thing happened with requiring more ips than class b

requiring more ips than class b and getting a class a network block this

and getting a class a network block this problem introduced a lot of wasted ips

problem introduced a lot of wasted ips as there was no real middle ground and

as there was no real middle ground and so this was a way to address any

so this was a way to address any publicly routable ips now there were

publicly routable ips now there were certain ranges that were allocated for

certain ranges that were allocated for private use and were designed to be used

private use and were designed to be used in private networks whether on-premises

in private networks whether on-premises or in cloud and again they are not

or in cloud and again they are not designed for public use and also didn't

designed for public use and also didn't have the need to communicate over the

have the need to communicate over the public internet and so these private ip

public internet and so these private ip address spaces were standardized using

address spaces were standardized using the rfc standard 1918

the rfc standard 1918 and again these ip addresses are

and again these ip addresses are designed for private use and can be used

designed for private use and can be used anywhere you like as long as they are

anywhere you like as long as they are still kept private chances are a network

still kept private chances are a network that you've come across whether it be a

that you've come across whether it be a cloud provider your home network or

cloud provider your home network or public wi-fi will use one of these

public wi-fi will use one of these classes to define their network and

classes to define their network and these are split into three ranges

these are split into three ranges first one being single class a with

first one being single class a with 10.0.0

10.0.0 ending in 10.255.255.255.

the class b range ranging from 172.16.0.0

to 172.31 dot

and lastly class c which was ranging from 192.168.0.0

now for those networks that use these private ips over the public internet the

private ips over the public internet the process they would use is a process

process they would use is a process called network address translation

called network address translation or nat for short

or nat for short and i will be covering this in a

and i will be covering this in a different lesson later on in the section

different lesson later on in the section this method of classful addressing has

this method of classful addressing has been replaced with something a bit more

been replaced with something a bit more efficient where network blocks can be

efficient where network blocks can be defined more granularly and was done due

defined more granularly and was done due to the internet running out of ipv4

to the internet running out of ipv4 addresses as we needed to allocate these

addresses as we needed to allocate these ips more efficiently now this method is

ips more efficiently now this method is called classless inter domain routing or

called classless inter domain routing or cider for short now with cider based

cider for short now with cider based networks you aren't limited to only

networks you aren't limited to only these three classes of networks class a

these three classes of networks class a b and c have been removed for something

b and c have been removed for something more efficient which will allow you to

more efficient which will allow you to create networks in any one of those

create networks in any one of those ranges cider ranges are represented by

ranges cider ranges are represented by its starting ip address called a network

its starting ip address called a network address

address followed by what is called a prefix

followed by what is called a prefix which is a slash and then a number this

which is a slash and then a number this slash number represents the size of the

slash number represents the size of the network the bigger the number the

network the bigger the number the smaller the network and the smaller the

smaller the network and the smaller the number the bigger the network given the

number the bigger the network given the example here

192.168.0.0 is the network address and the prefix is a slash 16. now at

and the prefix is a slash 16. now at this high level it is not necessary to

this high level it is not necessary to understand the math behind this but i

understand the math behind this but i will include a link in the lesson text

will include a link in the lesson text for those of you who are interested in

for those of you who are interested in learning more about it all you need to

learning more about it all you need to keep in mind is as i said before

keep in mind is as i said before the bigger the prefix number the smaller

the bigger the prefix number the smaller the network and the smaller the prefix

the network and the smaller the prefix number the bigger the network so just as

number the bigger the network so just as an example the size of this slash 16

an example the size of this slash 16 network is represented here by this

network is represented here by this circle its ip range is 192.168.0.0

and once you understand the math you will be able to tell that a slash 16

will be able to tell that a slash 16 range means that the network is the

range means that the network is the fixed value in the first and second

fixed value in the first and second octet the hosts on the network or the

octet the hosts on the network or the range are the values of anything in the

range are the values of anything in the third or fourth octets so this network

third or fourth octets so this network in total will provide us with 65

in total will provide us with 65 536

536 ip addresses now let's say you decided

ip addresses now let's say you decided to create a large network such as this

to create a large network such as this and you wanted to allocate part of it to

and you wanted to allocate part of it to another part of your business you can

another part of your business you can simply do so by splitting it in two

simply do so by splitting it in two and be left with two slash 17 networks

and be left with two slash 17 networks so instead of one slash 16 network you

so instead of one slash 16 network you will now have 2 17 networks and each

will now have 2 17 networks and each network will be assigned 32

network will be assigned 32 768 ip addresses so just to break it

768 ip addresses so just to break it down the previous network which was

down the previous network which was 192.16

forward slash 16 with the first two octets being the network which is

octets being the network which is 192.168

192.168 it leaves the third and fourth octet to

it leaves the third and fourth octet to distribute as you like and these third

distribute as you like and these third and fourth octets

and fourth octets are what you're having to create these

are what you're having to create these two networks so looking at the blue half

two networks so looking at the blue half the address range will start at 0.0 and

the address range will start at 0.0 and will end at 127.255.

will end at 127.255. the green half will start halfway

the green half will start halfway through the slash 16 network which will

through the slash 16 network which will be

be 128.0 and end at 255.255.

128.0 and end at 255.255. so now what if i was looking to break

so now what if i was looking to break this network down even further and break

this network down even further and break it into four networks well using cider

it into four networks well using cider ranges this makes things fairly easy as

ranges this makes things fairly easy as i can have it again and as shown here i

i can have it again and as shown here i would split the two slash 17 networks to

would split the two slash 17 networks to create four slash 18 networks so if i

create four slash 18 networks so if i took the blue half circle and split it

took the blue half circle and split it into two and then splitting the green

into two and then splitting the green half circle into

half circle into this would leave me with four slash 18

this would leave me with four slash 18 networks as seen here the blue quarter

networks as seen here the blue quarter would start from 192.168.0.0

ending with the last two octets of 63.255

63.255 and the red quarter which starts from

and the red quarter which starts from where the blue left off

where the blue left off starting at the last two octets of 64.0

starting at the last two octets of 64.0 and ending in 127.255.

and ending in 127.255. the green quarter again starting off

the green quarter again starting off with the previously defined 128.0

with the previously defined 128.0 network which is where the red quarter

network which is where the red quarter left off and ending with the last two

left off and ending with the last two octets being

octets being 191.255 and lastly the yellow quarter

191.255 and lastly the yellow quarter starting off from where the green

starting off from where the green quarter left off at 192.0 with the last

quarter left off at 192.0 with the last two octets ending with

two octets ending with 255.255 and so this would leave us with

255.255 and so this would leave us with four smaller slash 18 networks broken

four smaller slash 18 networks broken down from the previous two

down from the previous two 17 networks with each of these networks

17 networks with each of these networks consisting of 16

consisting of 16 384 ip addresses and we can continue

384 ip addresses and we can continue this process continuously having

this process continuously having networks and breaking them down into

networks and breaking them down into smaller networks this process of

smaller networks this process of dividing each network into two smaller

dividing each network into two smaller networks is known as subnetting and each

networks is known as subnetting and each time you subnet a network and create two

time you subnet a network and create two smaller networks the number in the

smaller networks the number in the prefix will increase and so i know this

prefix will increase and so i know this is already a lot to take in so this

is already a lot to take in so this would be a perfect time for you to grab

would be a perfect time for you to grab a coffee or a tea and i will be ending

a coffee or a tea and i will be ending part one here and part two will be

part one here and part two will be continuing immediately after part one so

continuing immediately after part one so you can now mark this lesson as complete

you can now mark this lesson as complete and i'll see you in the next one for

and i'll see you in the next one for part two

part two [Music]

[Music] welcome back and in this lesson i'm

welcome back and in this lesson i'm going to be covering the second part of

going to be covering the second part of the networking refresher now part two of

the networking refresher now part two of this lesson is starting immediately from

this lesson is starting immediately from the end of part one so with that being

the end of part one so with that being said let's dive in

said let's dive in now i know this network refresher has

now i know this network refresher has been filled with a ton of numbers

been filled with a ton of numbers with an underlying current of math but i

with an underlying current of math but i wanted you to focus on the why so that

wanted you to focus on the why so that things will make sense later i wanted to

things will make sense later i wanted to introduce the hard stuff first so that

introduce the hard stuff first so that over the length of this course you will

over the length of this course you will be able to digest this information

be able to digest this information and understand where this fits into

and understand where this fits into when discussing the different network

when discussing the different network parts of google cloud this will also

parts of google cloud this will also help you immensely in the real world as

help you immensely in the real world as well as the exam when configuring

well as the exam when configuring networks and knowing how to do the job

networks and knowing how to do the job of an engineer

of an engineer so getting right into it i wanted to

so getting right into it i wanted to just do a quick review on classless

just do a quick review on classless inter-domain routing or cider so as

inter-domain routing or cider so as discussed in the first refresher an ipv4

discussed in the first refresher an ipv4 address is referenced in dotted decimal

address is referenced in dotted decimal notation alongside the slash 16 is the

notation alongside the slash 16 is the prefix and defines how large the network

prefix and defines how large the network is and so before i move on i wanted to

is and so before i move on i wanted to give you some references that i found

give you some references that i found helpful in order to determine the size

helpful in order to determine the size of a network and so here i have

of a network and so here i have referenced three of the most common

referenced three of the most common prefixes

prefixes that i continuously run into that i

that i continuously run into that i think would be an extremely helpful

think would be an extremely helpful reference for you so if you look at the

reference for you so if you look at the first i p address

first i p address 192.168.0.0

with slash 8 as the prefix slash 8 would fall under a class a network 192 being

fall under a class a network 192 being the first octet

the first octet as well as being the network part of the

as well as being the network part of the address would be fixed and so the host

address would be fixed and so the host part of it would be anything after that

part of it would be anything after that so the address could be 192 dot anything

so the address could be 192 dot anything and this cider range would give you over

and this cider range would give you over 16 million ip addresses the second most

16 million ip addresses the second most common network that i see is a slash 16

common network that i see is a slash 16 network and this would make this ip fall

network and this would make this ip fall under a class b network making the first

under a class b network making the first two octets fixed and being the network

two octets fixed and being the network part meaning that anything after 192.168

part meaning that anything after 192.168 would be the host part meaning that the

would be the host part meaning that the address could be

192.168.anything and this would give you 65536 ip addresses and so for the third

65536 ip addresses and so for the third ip address which is probably the most

ip address which is probably the most common one that i see

common one that i see is a slash 24 network which falls under

is a slash 24 network which falls under a class c network meaning that the first

a class c network meaning that the first three octets are fixed and the fourth

three octets are fixed and the fourth octet could be anything from zero to two

octet could be anything from zero to two five five and this would give you

five five and this would give you 256 ip addresses and another common one

256 ip addresses and another common one which is the smallest that you will see

which is the smallest that you will see is a slash 32 prefix and this is one

is a slash 32 prefix and this is one that i use constantly for white listing

that i use constantly for white listing my ip address and because a slash 32 is

my ip address and because a slash 32 is one ip address this is a good one to

one ip address this is a good one to know when you are configuring vpn for

know when you are configuring vpn for yourself or you're whitelisting your ip

yourself or you're whitelisting your ip address from home or work and for the

address from home or work and for the last reference as well as being the

last reference as well as being the biggest network is the ip address of

biggest network is the ip address of 0.0.0.1

0.0.0.1 forward slash 0 which covers all ip

forward slash 0 which covers all ip addresses and you will see this commonly

addresses and you will see this commonly used for the internet gateway in any

used for the internet gateway in any cloud environment and so these are some

cloud environment and so these are some common prefixes that come up very

common prefixes that come up very frequently and so i hope this reference

frequently and so i hope this reference will help you now moving back to the osi

will help you now moving back to the osi model i've covered ipv4 in the network

model i've covered ipv4 in the network layer and so now it's time to discuss

layer and so now it's time to discuss ipv6 now as i noted earlier

ipv6 now as i noted earlier ipv4 notation is called dotted decimal

ipv4 notation is called dotted decimal and each number between the dots is an

and each number between the dots is an octet with a value of 0 to 255. now

octet with a value of 0 to 255. now underneath it all each octet is made up

underneath it all each octet is made up of an 8-bit value and having four

of an 8-bit value and having four numbers in an ip address that would make

numbers in an ip address that would make it a 32-bit value ipv6 is a much longer

it a 32-bit value ipv6 is a much longer value and is represented in hexadecimal

value and is represented in hexadecimal and each grouping is two octets which is

and each grouping is two octets which is 16 bits and is often referred to as a

16 bits and is often referred to as a hextet now as these addresses are very

hextet now as these addresses are very long as you can see you're able to

long as you can see you're able to abbreviate them by removing redundant

abbreviate them by removing redundant zeros so this example shown here is the

zeros so this example shown here is the same address as the one above it so if

same address as the one above it so if there is a sequence of zeros you can

there is a sequence of zeros you can simply replace them with one zero so in

simply replace them with one zero so in this address each grouping of four zeros

this address each grouping of four zeros can be represented by one zero and if

can be represented by one zero and if you have multiple groups of zeros in one

you have multiple groups of zeros in one address

address you can remove them all and replace them

you can remove them all and replace them with double colons so each of these ipv6

with double colons so each of these ipv6 addresses that you see here are exactly

addresses that you see here are exactly the same now each ipv6 address is 128

the same now each ipv6 address is 128 bits long and is represented in a

bits long and is represented in a similar way to

similar way to ipv4 starting with the network address

ipv4 starting with the network address and ending with the prefix each hextet

and ending with the prefix each hextet is 16 bits and the prefix number is the

is 16 bits and the prefix number is the number of bits that represent the

number of bits that represent the network with this example

network with this example slash 64 refers to the network address

slash 64 refers to the network address underlined in green which is 2001

underlined in green which is 2001 colon de3 each hextet is 16 bits and the

colon de3 each hextet is 16 bits and the prefix is 64. so that's four groups of

prefix is 64. so that's four groups of 16 and so this is how we know which part

16 and so this is how we know which part is the network part of the address and

is the network part of the address and which is the host part of the address

which is the host part of the address again notice the double colon here and

again notice the double colon here and as i explained previously any unneeded

as i explained previously any unneeded zeros can be replaced by a double colon

zeros can be replaced by a double colon and so this address would represent a

and so this address would represent a slew of zeros and so adding in all the

slew of zeros and so adding in all the zeros the ipv6 starting network address

zeros the ipv6 starting network address would look like this now because the

would look like this now because the network address starts at 2001 colon de3

network address starts at 2001 colon de3 with another two hextets of zeros as the

with another two hextets of zeros as the network address that was determined by

network address that was determined by the slash 64 prefix which is four

the slash 64 prefix which is four hextets it means a network finishes at

hextets it means a network finishes at that network address followed by all fs

that network address followed by all fs and so that's the process of how we can

and so that's the process of how we can determine the start and end of every

determine the start and end of every ipv6 network now as i've shown you

ipv6 network now as i've shown you before with all ipv4 addresses they are

before with all ipv4 addresses they are represented with a 0.0.0.0.0

and because ipv6 addresses are represented by the same network address

represented by the same network address and prefix we can represent ipv6

and prefix we can represent ipv6 addresses as double colon slash zero and

addresses as double colon slash zero and you will see this frequently when using

you will see this frequently when using ipv6 and so i know this is really

ipv6 and so i know this is really complicated but i just wanted to give

complicated but i just wanted to give you the exposure of ipv6 i don't expect

you the exposure of ipv6 i don't expect you to understand this right away

you to understand this right away in the end it should become a lot

in the end it should become a lot clearer as we go through the course and

clearer as we go through the course and i promise you it will become a lot

i promise you it will become a lot easier i had a hard time myself trying

easier i had a hard time myself trying to understand this network concept

to understand this network concept but after a few days i was able to

but after a few days i was able to digest it and as i went back and did

digest it and as i went back and did some practice it started to make a lot

some practice it started to make a lot more sense to me and so i know as we

more sense to me and so i know as we move along with the course

move along with the course that it will start making sense to you

that it will start making sense to you as well so now that we've discussed

as well so now that we've discussed layer 3 in the osi model i wanted to get

layer 3 in the osi model i wanted to get into layer 4 which is the transport

into layer 4 which is the transport layer with ip packets discussing tcp and

layer with ip packets discussing tcp and udp and so in its simplest form a packet

udp and so in its simplest form a packet is the basic unit of information in

is the basic unit of information in network transmission so most networks

network transmission so most networks use tcpip as the network protocol or set

use tcpip as the network protocol or set of rules for communication between

of rules for communication between devices and the rules of tcpip require

devices and the rules of tcpip require information to be split into packets

information to be split into packets that contain a segment of data to be

that contain a segment of data to be transferred along with the protocol and

transferred along with the protocol and its port number the originating address

its port number the originating address and the address of where the data is to

and the address of where the data is to be sent now udp is another protocol that

be sent now udp is another protocol that is sent with ip and is used in specific

is sent with ip and is used in specific applications but mostly in this course i

applications but mostly in this course i will be referring to tcpip and so as you

will be referring to tcpip and so as you can see in this diagram of the ip packet

can see in this diagram of the ip packet this is a basic datagram of what a

this is a basic datagram of what a packet would look like again with this

packet would look like again with this source and destination ip address

source and destination ip address the protocol port number and the data

the protocol port number and the data itself now this is mainly just to give

itself now this is mainly just to give you a high level understanding of tcpip

you a high level understanding of tcpip and udpip and is not a deep dive into

and udpip and is not a deep dive into networking now moving on to layer 7 of

networking now moving on to layer 7 of the osi model

the osi model this layer is used by networked

this layer is used by networked applications or applications that use

applications or applications that use the internet and so there are many

the internet and so there are many protocols that fall under this layer now

protocols that fall under this layer now these applications do not reside in this

these applications do not reside in this layer but use the protocols in this

layer but use the protocols in this layer to function so the application

layer to function so the application layer provides services for networked

layer provides services for networked applications with the help of protocols

applications with the help of protocols to perform user activities and you will

to perform user activities and you will see many of these protocols being

see many of these protocols being addressed as we go through this course

addressed as we go through this course through resources in google cloud like

through resources in google cloud like http or https for load balancing dns

http or https for load balancing dns that uses udp on port 53 and ssh on port

that uses udp on port 53 and ssh on port 22 for logging into hosts and so these

22 for logging into hosts and so these are just a few of the many scenarios

are just a few of the many scenarios where layer 7 and the protocols that

where layer 7 and the protocols that reside in that layer come up in this

reside in that layer come up in this course and we will be diving into many

course and we will be diving into many more in the lessons to come and so that

more in the lessons to come and so that about wraps up this networking refresher

about wraps up this networking refresher lesson

lesson and don't worry like i said before i'm

and don't worry like i said before i'm not expecting you to pick things up in

not expecting you to pick things up in this first go

this first go things will start to make more sense as

things will start to make more sense as we go through the course and we start

we go through the course and we start putting these networking concepts into

putting these networking concepts into practice also feel free to go back and

practice also feel free to go back and review the last couple of lessons again

review the last couple of lessons again if things didn't make sense to you the

if things didn't make sense to you the first time or if you come across some

first time or if you come across some networking challenges in future lessons

networking challenges in future lessons and so that's everything i wanted to

and so that's everything i wanted to cover so you can now mark this lesson as

cover so you can now mark this lesson as complete and let's move on to the next

complete and let's move on to the next one

one [Music]

[Music] welcome back in this lesson we will be

welcome back in this lesson we will be discussing the core networking service

discussing the core networking service of gcp virtual private cloud or vpc for

of gcp virtual private cloud or vpc for short it is the service that allows you

short it is the service that allows you to create networks inside google cloud

to create networks inside google cloud with both private and public

with both private and public connectivity options both for in-cloud

connectivity options both for in-cloud deployments and on-premise hybrid cloud

deployments and on-premise hybrid cloud deployments this is a service that you

deployments this is a service that you must know well as there are many

must know well as there are many questions that come up on the exam with

questions that come up on the exam with regards to vpcs so with that being said

regards to vpcs so with that being said let's dive in now vpcs are what manages

let's dive in now vpcs are what manages the networking functionality for your

the networking functionality for your google cloud resources this is a

google cloud resources this is a software defined network and is not

software defined network and is not confined to the physical limitations of

confined to the physical limitations of networking in a data center this has

networking in a data center this has been abstracted for you vpc networks

been abstracted for you vpc networks including their associated routes and

including their associated routes and firewall rules are global resources they

firewall rules are global resources they are not associated with any particular

are not associated with any particular region or zone they are global resources

region or zone they are global resources and span all available regions across

and span all available regions across the globe as explained earlier vpcs are

the globe as explained earlier vpcs are also encapsulated within projects

also encapsulated within projects projects are the logical container where

projects are the logical container where your vpcs live

your vpcs live now these vpcs do not have ip ranges but

now these vpcs do not have ip ranges but are simply a construct of all of the

are simply a construct of all of the individual ip addresses and services

individual ip addresses and services within that network the ip addresses and

within that network the ip addresses and ranges are defined within the

ranges are defined within the subnetworks that i will be diving into a

subnetworks that i will be diving into a bit later as well

bit later as well traffic to and from instances can be

traffic to and from instances can be controlled with network firewall rules

controlled with network firewall rules rules are implemented on the vms

rules are implemented on the vms themselves so traffic can be controlled

themselves so traffic can be controlled and logged as it leaves or arrives at a

and logged as it leaves or arrives at a vm

vm now resources within a vpc network

now resources within a vpc network can communicate with one another by

can communicate with one another by using internal or private ipv4 addresses

using internal or private ipv4 addresses and these are subject to applicable

and these are subject to applicable network firewall rules these resources

network firewall rules these resources must be in the same vpc for

must be in the same vpc for communication

communication otherwise they must traverse the public

otherwise they must traverse the public internet with an assigned public ip or

internet with an assigned public ip or use a vpc peering connection or

use a vpc peering connection or establish a vpn connection another

establish a vpn connection another important thing to note is that vpc

important thing to note is that vpc networks only support ipv4 unicast

networks only support ipv4 unicast traffic they do not support ipv6 traffic

traffic they do not support ipv6 traffic within the network vms in the vpc

within the network vms in the vpc network can only send to ipv4

network can only send to ipv4 destinations

destinations and only receive traffic from ipv4

and only receive traffic from ipv4 sources however it is possible to create

sources however it is possible to create an ipv6 address for a global load

an ipv6 address for a global load balancer now unless you choose to

balancer now unless you choose to disable it each new project starts with

disable it each new project starts with a default network in a vpc the default

a default network in a vpc the default network is an auto mode vpc network with

network is an auto mode vpc network with predefined subnets a subnet is allocated

predefined subnets a subnet is allocated for each region with non-overlapping

for each region with non-overlapping cider blocks also each default network

cider blocks also each default network has a default firewall rule

has a default firewall rule these rules are configured to allow

these rules are configured to allow ingress traffic

ingress traffic for icmp

for icmp rdp and ssh traffic from anywhere

rdp and ssh traffic from anywhere as well as ingress traffic from within

as well as ingress traffic from within the default network for all protocols

the default network for all protocols and ports and so there are two different

and ports and so there are two different types of vpc networks

types of vpc networks auto mode or custom mode an auto mode

auto mode or custom mode an auto mode network also has one subnet per region

network also has one subnet per region the default network is actually an auto

the default network is actually an auto mode network as explained earlier now

mode network as explained earlier now these automatically created subnets use

these automatically created subnets use a set of predefined ip ranges with a

a set of predefined ip ranges with a slash 20 cider block that can be

slash 20 cider block that can be expanded to a slash 16 cider block all

expanded to a slash 16 cider block all of these subnets

of these subnets fit within the default

10.128.0.0 ford slash 9 cider block and as new gcp regions become available

as new gcp regions become available new subnets in those regions are

new subnets in those regions are automatically added to auto mode

automatically added to auto mode networks using an ip range on that block

networks using an ip range on that block now a custom owned network does not

now a custom owned network does not automatically create subnets

automatically create subnets this type of network provides you with

this type of network provides you with complete control over its subnets and ip

complete control over its subnets and ip ranges as well as another note an auto

ranges as well as another note an auto mode network can be converted to a

mode network can be converted to a custom mode network to gain more control

custom mode network to gain more control but please be aware this conversion is

but please be aware this conversion is one way meaning that custom networks

one way meaning that custom networks cannot be changed to auto mode networks

cannot be changed to auto mode networks so when deciding on the different types

so when deciding on the different types of networks you want to use

of networks you want to use make sure that you review all of your

make sure that you review all of your considerations now custom mode vpc

considerations now custom mode vpc networks are more flexible and better

networks are more flexible and better suited to production and google

suited to production and google recommends that you use custom mode vpc

recommends that you use custom mode vpc networks in production so here is an

networks in production so here is an example of a project that contains three

example of a project that contains three networks all of these networks span

networks all of these networks span multiple regions across the globe as you

multiple regions across the globe as you can see here on the right hand side and

can see here on the right hand side and each network contains separate vms and

each network contains separate vms and so this diagram is to demonstrate that

so this diagram is to demonstrate that vms that are in the same network or vpc

vms that are in the same network or vpc can communicate privately even when

can communicate privately even when placed in separate regions because vms

placed in separate regions because vms in network a are in the same network

in network a are in the same network they can communicate over internal ip

they can communicate over internal ip addresses even though they're in

addresses even though they're in different regions essentially your vms

different regions essentially your vms can communicate even if they exist in

can communicate even if they exist in different locations across the globe as

different locations across the globe as long as they are within the same network

long as they are within the same network the vms in network b and network c

the vms in network b and network c are not in the same network therefore by

are not in the same network therefore by default these vms must communicate over

default these vms must communicate over external ips even though they're in the

external ips even though they're in the same region as no internal ip

same region as no internal ip communication is allowed between

communication is allowed between networks unless you set up vpc network

networks unless you set up vpc network peering or use a vpn connection now i

peering or use a vpn connection now i wanted to bring back the focus to the

wanted to bring back the focus to the default vpc for just a minute unless you

default vpc for just a minute unless you create an organizational policy that

create an organizational policy that prohibits it new projects will always

prohibits it new projects will always start with a default network that has

start with a default network that has one subnet in each region and again this

one subnet in each region and again this is an auto mode vpc network in this

is an auto mode vpc network in this particular example i am showing a

particular example i am showing a default vpc with seven of its default

default vpc with seven of its default regions displayed along with their ip

regions displayed along with their ip ranges and again i want to stress that

ranges and again i want to stress that vpc networks along with their associated

vpc networks along with their associated routes and firewall rules are global

routes and firewall rules are global resources they are not associated with

resources they are not associated with any particular region or zone so the

any particular region or zone so the subnets within them are regional and so

subnets within them are regional and so when an auto mode vpc network is created

when an auto mode vpc network is created one subnet from each region is

one subnet from each region is automatically created within it these

automatically created within it these automatically created subnets use a set

automatically created subnets use a set of predefined ip ranges that fit within

of predefined ip ranges that fit within the cider block that you see here

the cider block that you see here of 10.128.0.049

and as new google cloud regions become available

available new subnets in those regions are

new subnets in those regions are automatically added to auto mode vpc

automatically added to auto mode vpc networks

networks by using an ip range from that block in

by using an ip range from that block in addition to the automatically created

addition to the automatically created subnets you can add more subnets

subnets you can add more subnets manually to auto mode vpc networks in

manually to auto mode vpc networks in regions that you choose by using ip

regions that you choose by using ip ranges outside of 10.128.0.049

now if you're using a default vbc or have already created an auto mode vpc

have already created an auto mode vpc you can switch the vpc network from auto

you can switch the vpc network from auto mode to custom mode and this is a

mode to custom mode and this is a one-way conversion only as custom mode

one-way conversion only as custom mode vpc networks cannot be changed to auto

vpc networks cannot be changed to auto mode vpc networks now bringing this

mode vpc networks now bringing this theory into practice with regards to the

theory into practice with regards to the default vpc

default vpc i wanted to take the time to do a short

i wanted to take the time to do a short demo so whenever you're ready join me in

demo so whenever you're ready join me in the console

the console and so here we are back in the console

and so here we are back in the console and if i go here in the top right hand

and if i go here in the top right hand corner i am logged in as tony bowties at

corner i am logged in as tony bowties at gmail.com and in the top drop down

gmail.com and in the top drop down project menu i'm logged in under project

project menu i'm logged in under project tony and because this demo is geared

tony and because this demo is geared around the default vpc i want to

around the default vpc i want to navigate to vpc networks so i'm going to

navigate to vpc networks so i'm going to go over here to the top left hand corner

go over here to the top left hand corner to the navigation menu

to the navigation menu and i'm going to click on it and scroll

and i'm going to click on it and scroll down

down to vpc network under networking

to vpc network under networking and so as you can see here in the left

and so as you can see here in the left hand menu there are a bunch of different

hand menu there are a bunch of different options that i can choose from but i

options that i can choose from but i won't be touching on any of these topics

won't be touching on any of these topics as i have other lessons that will deep

as i have other lessons that will deep dive into those topics so in this demo

dive into those topics so in this demo i'd like to strictly touch on the

i'd like to strictly touch on the default vpc and as you can see in

default vpc and as you can see in project tony it has created a default

project tony it has created a default vpc for me with a one subnet in every

vpc for me with a one subnet in every region having its own ip address range

region having its own ip address range and so just as a reminder whenever you

and so just as a reminder whenever you create a new project a default vpc will

create a new project a default vpc will be automatically created for you and

be automatically created for you and when these subnets were created each of

when these subnets were created each of them have a route out to the public

them have a route out to the public internet and so the internet gateway is

internet and so the internet gateway is listed here its corresponding firewall

listed here its corresponding firewall rules along with global dynamic routing

rules along with global dynamic routing and flow logs are turned off and again i

and flow logs are turned off and again i will be getting deeper into routing and

will be getting deeper into routing and flow logs in later lessons in the

flow logs in later lessons in the section now earlier i had pointed out

section now earlier i had pointed out that an auto mode vpc can be converted

that an auto mode vpc can be converted to a custom vpc and it's as simple as

to a custom vpc and it's as simple as clicking this button but we don't want

clicking this button but we don't want to do that just yet and what i'd like to

to do that just yet and what i'd like to do is drill down into the default vbc

do is drill down into the default vbc and show you all the different options

and show you all the different options as you can see here the dns api has not

as you can see here the dns api has not been enabled and so for most of you a

been enabled and so for most of you a good idea would be to enable it and so

good idea would be to enable it and so i'm going to go ahead and do that now as

i'm going to go ahead and do that now as well you can see here that i can make

well you can see here that i can make adjustments to each of the different

adjustments to each of the different subnets or i can change the

subnets or i can change the configuration of the vpc itself so if i

configuration of the vpc itself so if i click on this edit button here at the

click on this edit button here at the top i'm able to change the subnet

top i'm able to change the subnet creation mode along with the dynamic

creation mode along with the dynamic routing mode which i will get into in a

routing mode which i will get into in a later lesson and the same thing with the

later lesson and the same thing with the dns server policy and so to make this

dns server policy and so to make this demo a little bit more exciting i want

demo a little bit more exciting i want to show you the process on how to expand

to show you the process on how to expand a subnet so i'm going to go into us

a subnet so i'm going to go into us central one i'm going to drill down here

central one i'm going to drill down here and here's all the configuration

and here's all the configuration settings for the default subnet in the

settings for the default subnet in the us central one region and so for me to

us central one region and so for me to edit this subnet i can simply click on

edit this subnet i can simply click on the edit button up here at the top and

the edit button up here at the top and so right below the ip address range i am

so right below the ip address range i am prompted with a note saying that the ip

prompted with a note saying that the ip ranges must be unique and

ranges must be unique and non-overlapping as we stated before and

non-overlapping as we stated before and this is a very important point to know

this is a very important point to know when you're architecting any vpcs or its

when you're architecting any vpcs or its corresponding sub networks and so i'm

corresponding sub networks and so i'm going to go ahead and change the subnet

going to go ahead and change the subnet from a cider range of 20

from a cider range of 20 and i'm going to change it to 16. i'm

and i'm going to change it to 16. i'm not going to add any secondary ip ranges

not going to add any secondary ip ranges i'm going to leave private google access

i'm going to leave private google access off and so i'm going to leave everything

off and so i'm going to leave everything else as is

else as is and simply click on save and so once

and simply click on save and so once this has completed i'll be able to see

this has completed i'll be able to see that my subnet range will go from a

that my subnet range will go from a slash 20 to a slash 16. and so here you

slash 20 to a slash 16. and so here you can see the ip address range has now

can see the ip address range has now changed to a slash 16. if i go back to

changed to a slash 16. if i go back to the main page of the vpc network i can

the main page of the vpc network i can see that the ip address range is

see that the ip address range is different from all the other ones now

different from all the other ones now you're probably asking why can't i just

you're probably asking why can't i just change the ip address range on all the

change the ip address range on all the subnets at once and so even though i'd

subnets at once and so even though i'd love to do that

love to do that unfortunately google does not give you

unfortunately google does not give you the option each subnet must be

the option each subnet must be configured one by one to change the ipa

configured one by one to change the ipa address range now i wanted to quickly

address range now i wanted to quickly jump into the default firewall rules and

jump into the default firewall rules and as discussed earlier the rules for

as discussed earlier the rules for incoming ssh

incoming ssh rdp

rdp and icmp have been pre-populated

and icmp have been pre-populated along with a default rule that allows

along with a default rule that allows incoming connections for all protocols

incoming connections for all protocols and ports

and ports among instances within the same network

among instances within the same network so when it comes to routes with regards

so when it comes to routes with regards to the vpc network the only one i really

to the vpc network the only one i really wanted to touch on is the default route

wanted to touch on is the default route to the internet and so without this

to the internet and so without this route any of the subnets in this vpc

route any of the subnets in this vpc wouldn't have access to route traffic to

wouldn't have access to route traffic to the internet and so when the default vpc

the internet and so when the default vpc is created the default internet gateway

is created the default internet gateway is also created and so now going back to

is also created and so now going back to the main page of the vpc network i

the main page of the vpc network i wanted to go through the process

wanted to go through the process of making the ip address range bigger

of making the ip address range bigger but doing it through the command line

but doing it through the command line and so i'm going to go up to the right

and so i'm going to go up to the right hand corner and open up cloud shell i'm

hand corner and open up cloud shell i'm going to make this a little bit bigger

going to make this a little bit bigger and so for this demo i'm going to

and so for this demo i'm going to increase the address range for the

increase the address range for the subnet in us west one from a slash 20 to

subnet in us west one from a slash 20 to a slash 16 and so i'm going to paste in

a slash 16 and so i'm going to paste in the command

the command which is gcloud compute networks

which is gcloud compute networks subnets expand

subnets expand ip dash range and then the name of the

ip dash range and then the name of the network which is default as well as the

network which is default as well as the region and i'm going to do uswest1 along

region and i'm going to do uswest1 along with the prefix length which is going to

with the prefix length which is going to be 16. so i'm going to hit enter

be 16. so i'm going to hit enter i've been prompted to make sure that

i've been prompted to make sure that this is what i want to do and so yes i

this is what i want to do and so yes i do want to continue so i'm going to type

do want to continue so i'm going to type in y for yes and hit enter and so within

in y for yes and hit enter and so within a few seconds i should get some

a few seconds i should get some confirmation and as expected my subnet

confirmation and as expected my subnet has been updated and so because i like

has been updated and so because i like to verify everything i'm going to now

to verify everything i'm going to now clear the screen and i'm going to paste

clear the screen and i'm going to paste in the command gcloud compute networks

in the command gcloud compute networks subnets describe and then the subnet

subnets describe and then the subnet name which is default along with the

name which is default along with the region which would be uswest1 i'm going

region which would be uswest1 i'm going to click on enter and as you can see

to click on enter and as you can see here the ipsider range is consistent

here the ipsider range is consistent with what we have changed and if i do a

with what we have changed and if i do a quick refresh on the browser

quick refresh on the browser i'll be able to see that the console has

i'll be able to see that the console has reflected the same thing and as expected

reflected the same thing and as expected the ip address range here for us west

the ip address range here for us west one in the console reflects that which

one in the console reflects that which we see here in cloud shell and so now to

we see here in cloud shell and so now to end this demo i wanted to quickly show

end this demo i wanted to quickly show you how i can delete the default vpc and

you how i can delete the default vpc and recreate it so all i need to do is to

recreate it so all i need to do is to drill into the settings

drill into the settings and then click on delete vpc network

and then click on delete vpc network right here at the top i'm going to get a

right here at the top i'm going to get a prompt to ask me if i'm sure and i'm

prompt to ask me if i'm sure and i'm going to simply click on delete now just

going to simply click on delete now just as a note if you have any resources that

as a note if you have any resources that are in any vpc networks you will not be

are in any vpc networks you will not be able to delete the vpc you would have to

able to delete the vpc you would have to delete the resources first and then

delete the resources first and then delete the vpc afterwards okay and it

delete the vpc afterwards okay and it has been successfully deleted and as you

has been successfully deleted and as you can see there are no local vpc networks

can see there are no local vpc networks in this current project and so i want to

in this current project and so i want to go ahead and recreate the default vpc so

go ahead and recreate the default vpc so i'm going to simply click on create vpc

i'm going to simply click on create vpc network and so here i'm prompted to

network and so here i'm prompted to enter in a bunch of information

enter in a bunch of information for creating this new vpc network and so

for creating this new vpc network and so keeping with the spirit of default vpcs

keeping with the spirit of default vpcs i'm going to name this vpc default

i'm going to name this vpc default i'm going to put default in the

i'm going to put default in the description and under subnet creation

description and under subnet creation mode i'm going to click on automatic and

mode i'm going to click on automatic and as you can see a prompt came up telling

as you can see a prompt came up telling me these ip address ranges will be

me these ip address ranges will be assigned to each region in your vpc

assigned to each region in your vpc network and i'm able to review the ip

network and i'm able to review the ip address ranges for each region and as

address ranges for each region and as stated before the ip address ranges for

stated before the ip address ranges for each region will always be the same

each region will always be the same every time i create

every time i create this default vpc or create a vpc in the

this default vpc or create a vpc in the automatic subnet creation mode

automatic subnet creation mode now as a note here under firewall rules

now as a note here under firewall rules if i don't select these firewall rules

if i don't select these firewall rules none will actually be created so if

none will actually be created so if you're creating a new default vpc be

you're creating a new default vpc be sure to check these off and so i'm going

sure to check these off and so i'm going to leave everything else as is and i'm

to leave everything else as is and i'm going to simply go to the bottom and

going to simply go to the bottom and click on the create button and within

click on the create button and within about a minute i should have the new

about a minute i should have the new default vpc created okay and we are back

default vpc created okay and we are back in business the default vpc has been

in business the default vpc has been recreated with all of these subnets in

recreated with all of these subnets in its corresponding regions all the ip

its corresponding regions all the ip address ranges the firewall rules

address ranges the firewall rules everything that we saw earlier in the

everything that we saw earlier in the default vpc and so that's pretty much

default vpc and so that's pretty much all i wanted to cover in this demo on

all i wanted to cover in this demo on the default vpc network along with the

the default vpc network along with the lesson on vpcs so you can now mark this

lesson on vpcs so you can now mark this lesson as complete and let's move on to

lesson as complete and let's move on to the next

one welcome back and in this lesson i'm going to be discussing vpc network

going to be discussing vpc network subnets now the terms subnet and sub

subnets now the terms subnet and sub network are synonymous and are used

network are synonymous and are used interchangeably in google cloud as

interchangeably in google cloud as you'll hear me using either one in this

you'll hear me using either one in this lesson yet i am referring to the same

lesson yet i am referring to the same thing now when you create a resource in

thing now when you create a resource in google cloud you choose a network and a

google cloud you choose a network and a subnet and so because a subnet is needed

subnet and so because a subnet is needed before creating resources some good

before creating resources some good knowledge behind it is necessary for

knowledge behind it is necessary for both building and google cloud as well

both building and google cloud as well as in the exam so in this lesson i'll be

as in the exam so in this lesson i'll be covering subnets at a deeper level with

covering subnets at a deeper level with all of its features and functionality so

all of its features and functionality so with that being said let's dive in

with that being said let's dive in now each vpc network consists of one or

now each vpc network consists of one or more useful ip range partitions

more useful ip range partitions called subnets also known in google

called subnets also known in google cloud as sub networks each subnet is

cloud as sub networks each subnet is associated with the region and vpc

associated with the region and vpc networks do not have any ip address

networks do not have any ip address ranges associated with them ip ranges

ranges associated with them ip ranges are defined for the subnets a network

are defined for the subnets a network must have at least one subnet before you

must have at least one subnet before you can use it and as mentioned earlier when

can use it and as mentioned earlier when you create a project it will create a

you create a project it will create a default vpc network with subnets in each

default vpc network with subnets in each region automatically auto mode will run

region automatically auto mode will run under this same functionality now custom

under this same functionality now custom vpc networks on the other hand start

vpc networks on the other hand start with no subnets giving you full control

with no subnets giving you full control over subnet creation and you can create

over subnet creation and you can create more than one subnet per region you

more than one subnet per region you cannot change the name or region of a

cannot change the name or region of a subnet after you've created it you would

subnet after you've created it you would have to delete the subnet and replace it

have to delete the subnet and replace it as long as no resources are using it

as long as no resources are using it primary and secondary ranges for subnets

primary and secondary ranges for subnets cannot overlap with any allocated range

cannot overlap with any allocated range any primary or secondary range of

any primary or secondary range of another subnet in the same network

another subnet in the same network or any ip ranges of subnets in peered

or any ip ranges of subnets in peered networks in other words they must be a

networks in other words they must be a unique valid cider block now when it

unique valid cider block now when it comes to ip addresses of a subnet google

comes to ip addresses of a subnet google cloud vpc has an amazing feature that

cloud vpc has an amazing feature that lets you increase the ip space of any

lets you increase the ip space of any subnets without any workload shutdown or

subnets without any workload shutdown or downtime as demonstrated earlier in the

downtime as demonstrated earlier in the previous lesson and this gives you the

previous lesson and this gives you the flexibility and growth options to meet

flexibility and growth options to meet your needs but unfortunately there are

your needs but unfortunately there are some caveats the new subnet must not

some caveats the new subnet must not overlap with other subnets in the same

overlap with other subnets in the same vpc network in any region also the new

vpc network in any region also the new subnets must stay inside the rfc 1918

subnets must stay inside the rfc 1918 address space the new network range must

address space the new network range must be larger than the original which means

be larger than the original which means the prefix length must be smaller in

the prefix length must be smaller in number and once a subnet has been

number and once a subnet has been expanded you cannot undo an expansion

expanded you cannot undo an expansion now auto mode network starts with a

now auto mode network starts with a slash 20 range that can be expanded to a

slash 20 range that can be expanded to a 16 ip range but not larger you can also

16 ip range but not larger you can also convert the auto mode network to a

convert the auto mode network to a custom mode network to increase the ip

custom mode network to increase the ip range even further and again this is a

range even further and again this is a one-way conversion

one-way conversion custom mode vpc networks cannot be

custom mode vpc networks cannot be changed to auto mode vpc networks

changed to auto mode vpc networks now in any network that is created in

now in any network that is created in google cloud

google cloud there will always be some ip addresses

there will always be some ip addresses that you will not be able to use and

that you will not be able to use and these are reserved for google and so

these are reserved for google and so every subnet has four reserved ip

every subnet has four reserved ip addresses in its primary ip range and

addresses in its primary ip range and just as a note there are no reserved ip

just as a note there are no reserved ip addresses in the secondary ip ranges and

addresses in the secondary ip ranges and these reserved ips can be looked at as

these reserved ips can be looked at as the first two and the last two ip

the first two and the last two ip addresses in the cider range now the

addresses in the cider range now the first address in the primary ip range

first address in the primary ip range for the subnet is reserved for the

for the subnet is reserved for the network the second address in the

network the second address in the primary ip range for the subnet is

primary ip range for the subnet is reserved for the default gateway and

reserved for the default gateway and allows you access to the internet the

allows you access to the internet the second to last address in the primary ip

second to last address in the primary ip range for the subnet is reserved for

range for the subnet is reserved for google cloud for potential future use

google cloud for potential future use and the last address and the ip range

and the last address and the ip range for the subnet is for broadcast

for the subnet is for broadcast and so that about covers this short yet

and so that about covers this short yet important lesson on vpc network subnets

important lesson on vpc network subnets these features and functionalities of

these features and functionalities of subnets that have been presented to you

subnets that have been presented to you will help you make better design

will help you make better design decisions that will give you a bit more

decisions that will give you a bit more knowledge and flexibility when it comes

knowledge and flexibility when it comes to assigning ipspace within your vpc

to assigning ipspace within your vpc networks and so that's all i have to

networks and so that's all i have to cover for this lesson so you can now

cover for this lesson so you can now mark this lesson as complete and let's

mark this lesson as complete and let's move on to the next one

move on to the next one [Music]

[Music] welcome back and in this lesson i'm

welcome back and in this lesson i'm going to be going through

going to be going through routing and private google access

routing and private google access now although routing doesn't really show

now although routing doesn't really show up in the exam i wanted to give you an

up in the exam i wanted to give you an inside look on how traffic is routed so

inside look on how traffic is routed so when you're building in google cloud

when you're building in google cloud you'll know exactly what you will need

you'll know exactly what you will need to do if you need to edit these routes

to do if you need to edit these routes in any way or if you need to build new

in any way or if you need to build new ones to satisfy your particular need now

ones to satisfy your particular need now private google access does pop its head

private google access does pop its head in the exam but only at a high level but

in the exam but only at a high level but i wanted to get just a bit deeper with

i wanted to get just a bit deeper with the service and get into the data flow

the service and get into the data flow of when the service is enabled so with

of when the service is enabled so with that being said let's dive in now google

that being said let's dive in now google cloud routes define the paths that

cloud routes define the paths that network traffic takes from a vm instance

network traffic takes from a vm instance to other destinations these destinations

to other destinations these destinations can be inside your google cloud vpc

can be inside your google cloud vpc network for example in another vm or

network for example in another vm or outside it in a vpc network a route

outside it in a vpc network a route consists of a single destination

consists of a single destination and a single next hop when an instance

and a single next hop when an instance in a vpc network sends a packet google

in a vpc network sends a packet google cloud delivers the packet to the route's

cloud delivers the packet to the route's next hop if the packet's destination

next hop if the packet's destination address is within the route's

address is within the route's destination range

destination range and so all these routes are stored in

and so all these routes are stored in the routing table for the vpc now for

the routing table for the vpc now for those of you who are not familiar with a

those of you who are not familiar with a routing table in computer networking a

routing table in computer networking a routing table is a data table stored in

routing table is a data table stored in a router or a network host that lists

a router or a network host that lists the routes to particular network

the routes to particular network destinations and so in this case the vpc

destinations and so in this case the vpc is responsible for storing the routing

is responsible for storing the routing table as well each vm instance has a

table as well each vm instance has a controller that is kept informed of all

controller that is kept informed of all applicable routes

applicable routes from the network's routing table each

from the network's routing table each packet leaving a vm

packet leaving a vm is delivered to the appropriate next hop

is delivered to the appropriate next hop of an applicable route based on a

of an applicable route based on a routing order now i wanted to take a

routing order now i wanted to take a couple minutes to go through the

couple minutes to go through the different routing types that are

different routing types that are available on google cloud now in google

available on google cloud now in google cloud there are two types of routing

cloud there are two types of routing there is the system generated which

there is the system generated which offers the default and subnet route and

offers the default and subnet route and then there are the custom routes which

then there are the custom routes which support static routes and dynamic routes

support static routes and dynamic routes and so i first wanted to cover system

and so i first wanted to cover system generated routes in a little bit of

generated routes in a little bit of depth and so every new network whether

depth and so every new network whether it be an automatic vpc or a custom vpc

it be an automatic vpc or a custom vpc has two types of system generated routes

has two types of system generated routes a default route which you can remove or

a default route which you can remove or replace and one subnet route for each of

replace and one subnet route for each of its subnets now when you create a vpc

its subnets now when you create a vpc network google cloud creates a system

network google cloud creates a system generated default route and this route

generated default route and this route serves two purposes it defines the path

serves two purposes it defines the path out of the vpc network including the

out of the vpc network including the path to the internet in addition to

path to the internet in addition to having this route instances must meet

having this route instances must meet additional requirements if they need

additional requirements if they need internet access the default route also

internet access the default route also provides a standard path for private

provides a standard path for private google access and if you want to

google access and if you want to completely isolate your network from the

completely isolate your network from the internet or if you need to replace the

internet or if you need to replace the default route with the custom route you

default route with the custom route you can delete the default route now if you

can delete the default route now if you remove the default route and do not

remove the default route and do not replace it packets destined to ip ranges

replace it packets destined to ip ranges that are not covered by other routes are

that are not covered by other routes are dropped lastly the system generated

dropped lastly the system generated default route has a priority of 1000

default route has a priority of 1000 because its destination is the broadest

because its destination is the broadest possible which covers all ip addresses

possible which covers all ip addresses in the

0.0.0.0.0 range google cloud only uses it if a route with a more specific

it if a route with a more specific destination does not apply to a packet

destination does not apply to a packet and i'll be getting into priorities in

and i'll be getting into priorities in just a little bit and so now that we've

just a little bit and so now that we've covered the default route i wanted to

covered the default route i wanted to get into the subnet route now subnet

get into the subnet route now subnet routes are system generated routes that

routes are system generated routes that define paths to each subnet in the vpc

define paths to each subnet in the vpc network each subnet has at least one

network each subnet has at least one subnet route whose destination matches

subnet route whose destination matches the primary ip range of the subnet if

the primary ip range of the subnet if the subnet has secondary ip ranges

the subnet has secondary ip ranges google cloud creates a subnet route with

google cloud creates a subnet route with a corresponding destination for each

a corresponding destination for each secondary range no other route can have

secondary range no other route can have a destination that matches

a destination that matches or is more specific than the destination

or is more specific than the destination of a subnet route you can create a

of a subnet route you can create a custom route that has a broader

custom route that has a broader destination range that contains the

destination range that contains the subnet route's destination range now

subnet route's destination range now when a subnet is created a corresponding

when a subnet is created a corresponding subnet route for the subnet's primary

subnet route for the subnet's primary and secondary ip range is also created

and secondary ip range is also created auto mode vpc networks create a subnet

auto mode vpc networks create a subnet route for the primary ip ranges of each

route for the primary ip ranges of each of their automatically created subnets

of their automatically created subnets you can delete these subnets but only if

you can delete these subnets but only if you convert the auto mode vpc network to

you convert the auto mode vpc network to custom mode and you cannot delete a

custom mode and you cannot delete a subnet route unless you modify or delete

subnet route unless you modify or delete the subnet so when you delete a subnet

the subnet so when you delete a subnet all subnet routes for both primary and

all subnet routes for both primary and secondary ranges are deleted

secondary ranges are deleted automatically you cannot delete the

automatically you cannot delete the subnet route for the subnet's primary

subnet route for the subnet's primary range in any other way and just as a

range in any other way and just as a note when networks are connected by

note when networks are connected by using vpc network peering which i will

using vpc network peering which i will get into a little bit later some subnet

get into a little bit later some subnet routes from one network are imported

routes from one network are imported into the other network and vice versa

into the other network and vice versa and cannot be removed unless you break

and cannot be removed unless you break the peering relationship and so when you

the peering relationship and so when you break the peering relationship all

break the peering relationship all imported subnet routes from the other

imported subnet routes from the other network are automatically removed so now

network are automatically removed so now that we've covered the system generated

that we've covered the system generated routes i wanted to get into custom

routes i wanted to get into custom routes now custom routes are either

routes now custom routes are either static routes that you can create

static routes that you can create manually or dynamic routes maintained

manually or dynamic routes maintained automatically by one or more of your

automatically by one or more of your cloud routers and these are created on

cloud routers and these are created on top of the already created system

top of the already created system generated routes destinations for custom

generated routes destinations for custom routes cannot match or be specific than

routes cannot match or be specific than any subnet route in the network now

any subnet route in the network now static routes can use any of the static

static routes can use any of the static route next hops and these can be created

route next hops and these can be created manually if you use the google cloud

manually if you use the google cloud console to create a cloud vpn tunnel

console to create a cloud vpn tunnel that uses policy-based routing or one

that uses policy-based routing or one that is a route based vpn static routes

that is a route based vpn static routes for the remote traffic selectors are

for the remote traffic selectors are created for you and so just to give you

created for you and so just to give you a little bit more clarity and a little

a little bit more clarity and a little bit of context i've included a

bit of context i've included a screenshot here for all the different

screenshot here for all the different routes that are available for the next

routes that are available for the next hop we have the default internet gateway

hop we have the default internet gateway to define a path to external ip

to define a path to external ip addresses specify an instance and this

addresses specify an instance and this is where traffic is directed to the

is where traffic is directed to the primary internal ip address of the vm's

primary internal ip address of the vm's network interface in the vpc network

network interface in the vpc network where you define the route specify ip

where you define the route specify ip address is where you provide an internal

address is where you provide an internal ip address assigned to a google cloud vm

ip address assigned to a google cloud vm as a next hop for cloud vpn tunnels that

as a next hop for cloud vpn tunnels that use policy based routing and route-based

use policy based routing and route-based vpns you can direct traffic to the vpn

vpns you can direct traffic to the vpn tunnel by creating routes whose next

tunnel by creating routes whose next hops refer to the tunnel by its name and

hops refer to the tunnel by its name and region and just as a note google cloud

region and just as a note google cloud ignores routes whose next hops are cloud

ignores routes whose next hops are cloud vpn tunnels that are down and lastly for

vpn tunnels that are down and lastly for internal tcp and udp low balancing you

internal tcp and udp low balancing you can use a load balancer's ip address as

can use a load balancer's ip address as a next hop that distributes traffic

a next hop that distributes traffic among healthy back-end instances custom

among healthy back-end instances custom static routes that use this next hop

static routes that use this next hop cannot be scoped to specific instances

cannot be scoped to specific instances by network tags and so when creating

by network tags and so when creating static routes you will always be asked

static routes you will always be asked for different parameters that are needed

for different parameters that are needed in order to create this route and so

in order to create this route and so here i've taken a screenshot from the

here i've taken a screenshot from the console to give you a bit more context

console to give you a bit more context with regards to the information that's

with regards to the information that's needed so first up is the name and

needed so first up is the name and description

description so these fields identify the route a

so these fields identify the route a name is required but a description is

name is required but a description is optional and every route in your project

optional and every route in your project must have a unique name next up is the

must have a unique name next up is the network and each route must be

network and each route must be associated with exactly one vpc network

associated with exactly one vpc network in this case it happens to be the

in this case it happens to be the default network but if you have other

default network but if you have other networks available you're able to click

networks available you're able to click on the drop down arrow and choose a

on the drop down arrow and choose a different network the destination range

different network the destination range is a single ipv4 cider block that

is a single ipv4 cider block that contains the ip addresses of systems

contains the ip addresses of systems that receive incoming packets and the ip

that receive incoming packets and the ip range must be entered as a valid ipv4

range must be entered as a valid ipv4 cider block as shown in the example

cider block as shown in the example below the field now if multiple routes

below the field now if multiple routes have identical destinations priority is

have identical destinations priority is used to determine which route should be

used to determine which route should be used so a lower number would indicate a

used so a lower number would indicate a higher priority for example a route with

higher priority for example a route with a priority value of 100 has a higher

a priority value of 100 has a higher priority than one with a priority value

priority than one with a priority value of 200 so the highest route priority

of 200 so the highest route priority means the smallest possible non-negative

means the smallest possible non-negative number as well another great example is

number as well another great example is if you look back on your default routes

if you look back on your default routes all your subnet routes are of a priority

all your subnet routes are of a priority of zero and the default internet gateway

of zero and the default internet gateway is of a priority of 1000 and therefore

is of a priority of 1000 and therefore the subnet routes will take priority

the subnet routes will take priority over the default internet gateway and

over the default internet gateway and this is due to the smaller number so

this is due to the smaller number so remember a good rule of thumb is that

remember a good rule of thumb is that the lower the number the higher the

the lower the number the higher the priority the higher the number the lower

priority the higher the number the lower the priority now to get a little bit

the priority now to get a little bit more granular you can specify a list of

more granular you can specify a list of network tags so that the route only

network tags so that the route only applies to instances that have at least

applies to instances that have at least one of the listed tags and if you don't

one of the listed tags and if you don't specify any tags then google cloud

specify any tags then google cloud applies the route to all instances in

applies the route to all instances in the network and finally next hop which

the network and finally next hop which was shown previously this is dedicated

was shown previously this is dedicated to static routes that have next hops

to static routes that have next hops that point to the options shown earlier

that point to the options shown earlier so now that i've covered static routes

so now that i've covered static routes in a bit of detail i want to get into

in a bit of detail i want to get into dynamic routes now dynamic routes are

dynamic routes now dynamic routes are managed by one or more cloud routers and

managed by one or more cloud routers and this allows you to dynamically exchange

this allows you to dynamically exchange routes between a vpc network and an

routes between a vpc network and an on-premises network with dynamic routes

on-premises network with dynamic routes their destinations always represent ip

their destinations always represent ip ranges outside of your vpc network

ranges outside of your vpc network and their next hops are always bgp peer

and their next hops are always bgp peer addresses a cloud router can manage

addresses a cloud router can manage dynamic routes for cloud vpn tunnels

dynamic routes for cloud vpn tunnels that use dynamic routing as well as

that use dynamic routing as well as cloud interconnect and don't worry i'll

cloud interconnect and don't worry i'll be getting into cloud routers in a bit

be getting into cloud routers in a bit of detail in a later lesson now i wanted

of detail in a later lesson now i wanted to take a minute to go through routing

to take a minute to go through routing order and the routing order deals with

order and the routing order deals with priorities that i touched on a little

priorities that i touched on a little bit earlier now subnet routes are always

bit earlier now subnet routes are always considered first because google cloud

considered first because google cloud requires that subnet routes have the

requires that subnet routes have the most specific destinations matching the

most specific destinations matching the ip address ranges of their respective

ip address ranges of their respective subnets if no applicable destination is

subnets if no applicable destination is found google cloud drops the packet and

found google cloud drops the packet and replies with a network unreachable error

replies with a network unreachable error system generated routes apply to all

system generated routes apply to all instances in the vpc network the scope

instances in the vpc network the scope of instances to which subnet routes

of instances to which subnet routes apply cannot be altered although you can

apply cannot be altered although you can replace the default route and so just as

replace the default route and so just as a note custom static routes apply to all

a note custom static routes apply to all instances or specific instances so if

instances or specific instances so if the route doesn't have a network tag the

the route doesn't have a network tag the route applies to all instances in the

route applies to all instances in the network now vpc networks have special

network now vpc networks have special routes that are used for certain

routes that are used for certain services and these are referred to as

services and these are referred to as special return paths in google cloud

special return paths in google cloud these routes are defined outside of your

these routes are defined outside of your vpc network in google's production

vpc network in google's production network they don't appear in your vpc

network they don't appear in your vpc network's routing table you cannot

network's routing table you cannot remove them or override them or if you

remove them or override them or if you delete or replace a default route in

delete or replace a default route in your vpc network although you can

your vpc network although you can control traffic to and from these

control traffic to and from these services by using firewall rules and the

services by using firewall rules and the services that are covered are load

services that are covered are load balancers internet aware proxy or iap as

balancers internet aware proxy or iap as well as cloud dns and so before i end

well as cloud dns and so before i end this lesson i wanted to touch on private

this lesson i wanted to touch on private google access now vm instances that only

google access now vm instances that only have internal ip addresses can use

have internal ip addresses can use private google access and this allows

private google access and this allows them to reach the external ip addresses

them to reach the external ip addresses of google's apis and services the source

of google's apis and services the source ip address of the packet can be the

ip address of the packet can be the primary internal ip address of the

primary internal ip address of the network interface or an address in an

network interface or an address in an alias ip range that is assigned to the

alias ip range that is assigned to the interface if you disable private google

interface if you disable private google access the vm instances can no longer

access the vm instances can no longer reach google apis and services and will

reach google apis and services and will only be able to send traffic within the

only be able to send traffic within the vpc network private google access has no

vpc network private google access has no effect on instances that have

effect on instances that have external ip addresses and can still

external ip addresses and can still access the internet they don't need any

access the internet they don't need any special configuration to send requests

special configuration to send requests to the external ip addresses of google

to the external ip addresses of google apis and services you enable private

apis and services you enable private google access on a subnet by subnet

google access on a subnet by subnet basis and it's a setting for subnets in

basis and it's a setting for subnets in a vpc network and i will be showing you

a vpc network and i will be showing you this in an upcoming demo where we'll be

this in an upcoming demo where we'll be building our own custom vpc network now

building our own custom vpc network now even though the next hop for the

even though the next hop for the required routes is called the default

required routes is called the default internet gateway

internet gateway and the ip addresses for google apis and

and the ip addresses for google apis and services are external requests to google

services are external requests to google apis and services from vms that only

apis and services from vms that only hold internal ip addresses in subnet 1

hold internal ip addresses in subnet 1 where private google access is enabled

where private google access is enabled are not sent through the public internet

are not sent through the public internet those requests stay within google's

those requests stay within google's network as well vms that only have

network as well vms that only have internal ip addresses do not meet the

internal ip addresses do not meet the internet access requirements

internet access requirements for access to other external ip

for access to other external ip addresses

addresses beyond those for google apis and

beyond those for google apis and services now touching on this diagram

services now touching on this diagram here

here firewall rules in the vpc network have

firewall rules in the vpc network have been configured to allow internet access

been configured to allow internet access vm1 can access google apis and services

vm1 can access google apis and services including cloud storage because its

including cloud storage because its network interface is located in subnet 1

network interface is located in subnet 1 which has private google access enabled

which has private google access enabled and because this instance only has an

and because this instance only has an internal ip address

internal ip address private google access applies to this

private google access applies to this instance now with vm2 it can also access

instance now with vm2 it can also access google apis and services including cloud

google apis and services including cloud storage because it has an external ip

storage because it has an external ip address private google access has no

address private google access has no effect on this instance as it has an

effect on this instance as it has an external ip address and private google

external ip address and private google access has not been enabled on that

access has not been enabled on that subnet and because both of these

subnet and because both of these instances are in the same network they

instances are in the same network they are still able to communicate with each

are still able to communicate with each other over an internal subnet route and

other over an internal subnet route and so this is just one way where private

so this is just one way where private google access can be applied there are

google access can be applied there are some other options for private access as

some other options for private access as well you can use private google access

well you can use private google access to connect to google apis and services

to connect to google apis and services from your on-premises network through a

from your on-premises network through a cloud vpn tunnel or cloud interconnect

cloud vpn tunnel or cloud interconnect without having any external ip addresses

without having any external ip addresses you also have the option of using

you also have the option of using private google access through a vpc

private google access through a vpc network peering connection which is

network peering connection which is known as private services access and

known as private services access and finally the last option available for

finally the last option available for private google access is connecting

private google access is connecting directly from serverless google services

directly from serverless google services through an internal vpc connection now i

through an internal vpc connection now i know this has been a lot of theory to

know this has been a lot of theory to take in but i promise it'll become a lot

take in but i promise it'll become a lot easier and concepts will become less

easier and concepts will become less complicated when we start putting this

complicated when we start putting this into practice coming up soon in the demo

into practice coming up soon in the demo of building our own custom vpc and so

of building our own custom vpc and so that's pretty much all i wanted to cover

that's pretty much all i wanted to cover when it comes to routing and private

when it comes to routing and private google access so you can now mark this

google access so you can now mark this lesson as complete and let's move on to

lesson as complete and let's move on to the next one

the next one [Music]

[Music] welcome back and in this lesson i'm

welcome back and in this lesson i'm going to be discussing ip addressing now

going to be discussing ip addressing now in the network refresher lesson i went

in the network refresher lesson i went into a bit of depth on how i p addresses

into a bit of depth on how i p addresses are broken down and used for

are broken down and used for communication in computer networks in

communication in computer networks in this lesson i'll be getting into the

this lesson i'll be getting into the available types of ip addressing in

available types of ip addressing in google cloud and how they are used in

google cloud and how they are used in each different scenario please note for

each different scenario please note for the exam a high level overview will be

the exam a high level overview will be needed to know when it comes to ip

needed to know when it comes to ip addressing but the details behind it

addressing but the details behind it will give you a better understanding on

will give you a better understanding on when to use each type of ip address so

when to use each type of ip address so with that being said let's dive in

with that being said let's dive in now ip addressing in google cloud holds

now ip addressing in google cloud holds quite a few categories

quite a few categories and really start by determining whether

and really start by determining whether you are planning for communication

you are planning for communication internally within your vpc or for

internally within your vpc or for external use to communicate with the

external use to communicate with the outside world through the internet once

outside world through the internet once you determine the type of communication

you determine the type of communication that you're looking to apply between

that you're looking to apply between resources some more decisions need to be

resources some more decisions need to be made with regards to the other options

made with regards to the other options and i will be going through these

and i will be going through these options in just a sec now in order to

options in just a sec now in order to make these options a little bit more

make these options a little bit more digestible i wanted to start off with

digestible i wanted to start off with the options available for internal ip

the options available for internal ip addresses

addresses now internal ip addresses are not

now internal ip addresses are not publicly advertised they are used only

publicly advertised they are used only within a network now every vpc network

within a network now every vpc network or on-premises network has at least one

or on-premises network has at least one internal ip address range resources with

internal ip address range resources with internal ip addresses communicate with

internal ip addresses communicate with other resources as if they're all on the

other resources as if they're all on the same private network now every vm

same private network now every vm instance can have one primary internal

instance can have one primary internal ip address that is unique to the vpc

ip address that is unique to the vpc network and you can assign a specific

network and you can assign a specific internal ip address when you create a vm

internal ip address when you create a vm instance or you can reserve a static

instance or you can reserve a static internal ip address for your project and

internal ip address for your project and assign that address to your resources if

assign that address to your resources if you don't specify an address one will be

you don't specify an address one will be automatically assigned to the vm in

automatically assigned to the vm in either case the address must belong to

either case the address must belong to the ip range of the subnet and so if

the ip range of the subnet and so if your network is an auto mode vpc network

your network is an auto mode vpc network the address comes from the region subnet

the address comes from the region subnet if your network is a custom mode vpc

if your network is a custom mode vpc network you must specify which subnet

network you must specify which subnet the ip address comes from now all

the ip address comes from now all subnets have a primary sider range which

subnets have a primary sider range which is the range of internal ip addresses

is the range of internal ip addresses that define the subnet each vm instance

that define the subnet each vm instance gets its primary internal ip address

gets its primary internal ip address from this range you can also allocate

from this range you can also allocate alias ip ranges from that primary range

alias ip ranges from that primary range or you can add a secondary range to the

or you can add a secondary range to the subnet and allocate alias ip ranges from

subnet and allocate alias ip ranges from the secondary range use of alias ip

the secondary range use of alias ip ranges does not require secondary subnet

ranges does not require secondary subnet ranges these secondary subnet ranges

ranges these secondary subnet ranges merely provide an organizational tool

merely provide an organizational tool now when using ip aliasing you can

now when using ip aliasing you can configure multiple internal ip addresses

configure multiple internal ip addresses representing containers or applications

representing containers or applications hosted in a vm without having to define

hosted in a vm without having to define a separate network interface and you can

a separate network interface and you can assign vm alias ip ranges from either

assign vm alias ip ranges from either the subnet's primary or secondary ranges

the subnet's primary or secondary ranges when alias ip ranges are configured

when alias ip ranges are configured google cloud automatically installs vpc

google cloud automatically installs vpc network routes for primary and alias ip

network routes for primary and alias ip ranges for the subnet of your primary

ranges for the subnet of your primary network interface your container

network interface your container orchestrator or gke does not need to

orchestrator or gke does not need to specify vpc network connectivity for

specify vpc network connectivity for these routes and this simplifies routing

these routes and this simplifies routing traffic and managing your containers now

traffic and managing your containers now when choosing either an auto mode vpc or

when choosing either an auto mode vpc or a custom vpc you will have the option to

a custom vpc you will have the option to choose either an ephemeral ip or a

choose either an ephemeral ip or a static ip now an ephemeral ip address is

static ip now an ephemeral ip address is an ip address that doesn't persist

an ip address that doesn't persist beyond the life of the resource for

beyond the life of the resource for example when you create an instance or

example when you create an instance or forwarding rule without specifying an ip

forwarding rule without specifying an ip address google cloud will automatically

address google cloud will automatically assign the resource an ephemeral ip

assign the resource an ephemeral ip address and this ephemeral ip address is

address and this ephemeral ip address is released when you delete the resource

released when you delete the resource when the ip address is released it is

when the ip address is released it is free to eventually be assigned to

free to eventually be assigned to another resource so is never a great

another resource so is never a great option if you depend on this ip to

option if you depend on this ip to remain the same this ephemeral ip

remain the same this ephemeral ip address can be automatically assigned

address can be automatically assigned and will be assigned from the selected

and will be assigned from the selected region subnet as well if you have

region subnet as well if you have ephemeral ip addresses that are

ephemeral ip addresses that are currently in use

currently in use you can promote these addresses to

you can promote these addresses to static internal ip addresses so that

static internal ip addresses so that they remain with your project until you

they remain with your project until you actively remove them and just as a note

actively remove them and just as a note before you reserve an existing ip

before you reserve an existing ip address you will need the value of the

address you will need the value of the ip address that you want to promote now

ip address that you want to promote now reserving a static ip address

reserving a static ip address assigns the address to your project

assigns the address to your project until you explicitly release it this is

until you explicitly release it this is useful if you are dependent on a

useful if you are dependent on a specific ip address for a specific

specific ip address for a specific service and need to prevent another

service and need to prevent another resource from being able to use the same

resource from being able to use the same address static addresses are also useful

address static addresses are also useful if you need to move an ip address from

if you need to move an ip address from one google cloud resource to another and

one google cloud resource to another and you also have the same options when

you also have the same options when creating an internal load balancer as

creating an internal load balancer as you do with vm instances and so now that

you do with vm instances and so now that we've covered all the options for

we've covered all the options for internal ip addresses i would like to

internal ip addresses i would like to move on to cover all the available

move on to cover all the available options for external ip addresses now

options for external ip addresses now you can assign an external ip address to

you can assign an external ip address to an instance or a forwarding rule if you

an instance or a forwarding rule if you need to communicate with the internet

need to communicate with the internet with resources in another network or

with resources in another network or need to communicate with a public google

need to communicate with a public google cloud service sources from outside a

cloud service sources from outside a google cloud vpc network can address a

google cloud vpc network can address a specific resource by the external ip

specific resource by the external ip address as long as firewall rules enable

address as long as firewall rules enable the connection and only resources with

the connection and only resources with an external ip address can send and

an external ip address can send and receive traffic directly to and from

receive traffic directly to and from outside the network and like internal ip

outside the network and like internal ip addresses external ip addresses have the

addresses external ip addresses have the option of choosing from an ephemeral or

option of choosing from an ephemeral or static ip address now an ephemeral

static ip address now an ephemeral external ip address is an ip address

external ip address is an ip address that doesn't persist beyond the life of

that doesn't persist beyond the life of the resource and so follows the same

the resource and so follows the same rules as ephemeral internal ip addresses

rules as ephemeral internal ip addresses so when you create an instance or

so when you create an instance or forwarding rule without specifying an ip

forwarding rule without specifying an ip address the resource is automatically

address the resource is automatically assigned an ephemeral external ip

assigned an ephemeral external ip address and this is something that you

address and this is something that you will see quite often ephemeral external

will see quite often ephemeral external ip addresses are released from a

ip addresses are released from a resource if you delete the resource for

resource if you delete the resource for vm instances the ephemeral external ip

vm instances the ephemeral external ip address is also released if you stop the

address is also released if you stop the instance so after you restart the

instance so after you restart the instance it is assigned a new ephemeral

instance it is assigned a new ephemeral external ip address and if you have an

external ip address and if you have an existing vm that doesn't have an

existing vm that doesn't have an external ip address you can assign one

external ip address you can assign one to it forwarding rules always have an ip

to it forwarding rules always have an ip address whether external or internal so

address whether external or internal so you don't need to assign an ip address

you don't need to assign an ip address to a forwarding rule after it is created

to a forwarding rule after it is created and if your instance has an ephemeral

and if your instance has an ephemeral external ip address and you want to

external ip address and you want to permanently assign the ip to your

permanently assign the ip to your project like ephemeral internal ip

project like ephemeral internal ip addresses you have the option to promote

addresses you have the option to promote the ip address from ephemeral to static

the ip address from ephemeral to static and in this case promoting an ephemeral

and in this case promoting an ephemeral external ip address to a static external

external ip address to a static external ip address now when assigning a static

ip address now when assigning a static ip address these are assigned to a

ip address these are assigned to a project long term until they are

project long term until they are explicitly released from that assignment

explicitly released from that assignment and remain attached to a resource until

and remain attached to a resource until they are explicitly detached for vm

they are explicitly detached for vm instances static external ip addresses

instances static external ip addresses remain attached to stopped instances

remain attached to stopped instances until they are removed and this is

until they are removed and this is useful if you are dependent on a

useful if you are dependent on a specific ip address for a specific

specific ip address for a specific service like a web server or a global

service like a web server or a global load balancer that needs access to the

load balancer that needs access to the internet static external ip addresses

internet static external ip addresses can be either a regional or global

can be either a regional or global resource

resource in a regional static ip address allows

in a regional static ip address allows resources of that region

resources of that region or resources of zones within that region

or resources of zones within that region to use the ip address and just as a note

to use the ip address and just as a note you can use your own publicly routable

you can use your own publicly routable ip address prefixes as google cloud

ip address prefixes as google cloud external ip addresses and advertise them

external ip addresses and advertise them on the internet the only caveat is that

on the internet the only caveat is that you must own and bring at the minimum a

you must own and bring at the minimum a 24 cider block and so now that we've

24 cider block and so now that we've discussed internal and external ip

discussed internal and external ip addressing options i wanted to move into

addressing options i wanted to move into internal ip address reservations now

internal ip address reservations now static internal ips provide the ability

static internal ips provide the ability to reserve internal ip addresses

to reserve internal ip addresses from the ip range configured in the

from the ip range configured in the subnet then assign those reserved

subnet then assign those reserved internal addresses to resources as

internal addresses to resources as needed reserving an internal ip address

needed reserving an internal ip address takes that address out of the dynamic

takes that address out of the dynamic allocation pool and prevents it from

allocation pool and prevents it from being used for automatic allocations

being used for automatic allocations with the ability to reserve static

with the ability to reserve static internal ip addresses you can always use

internal ip addresses you can always use the same ip address for the same

the same ip address for the same resource even if you have to delete and

resource even if you have to delete and recreate the resource so when it comes

recreate the resource so when it comes to internal ip address reservation you

to internal ip address reservation you can either reserve a static internal ip

can either reserve a static internal ip address before creating the associated

address before creating the associated resource or you can create the resource

resource or you can create the resource with an ephemeral internal ip address

with an ephemeral internal ip address and then promote that ephemeral ip

and then promote that ephemeral ip address to a static internal ip address

address to a static internal ip address and so just to give you a bit more

and so just to give you a bit more context i have a diagram here to run you

context i have a diagram here to run you through it so in the first example you

through it so in the first example you would create a subnet from your vpc

would create a subnet from your vpc network you would then reserve an

network you would then reserve an internal ip address from that subnet's

internal ip address from that subnet's primary ip range and in this diagram is

primary ip range and in this diagram is marked as 10.12.4.3

marked as 10.12.4.3 and will be held as reserved for later

and will be held as reserved for later use with a resource and then when you

use with a resource and then when you decide to create a vm instance or an

decide to create a vm instance or an internal load balancer you can use the

internal load balancer you can use the reserved ip address that was created in

reserved ip address that was created in the previous step that i p address then

the previous step that i p address then becomes marked as reserved and in use

becomes marked as reserved and in use now touching on the second example you

now touching on the second example you would first create a subnet from your

would first create a subnet from your vpc network

vpc network you would then create a vm instance or

you would then create a vm instance or an internal load balancer with either an

an internal load balancer with either an automatically allocated ephemeral ip

automatically allocated ephemeral ip address or a specific ip address that

address or a specific ip address that you've chosen from within that specific

you've chosen from within that specific subnet and so once the ephemeral ip

subnet and so once the ephemeral ip address is in use you can then promote

address is in use you can then promote the ephemeral ip address to a static

the ephemeral ip address to a static internal ip address and would then

internal ip address and would then become reserved and in use now when it

become reserved and in use now when it comes to the external ip address

comes to the external ip address reservation

reservation you are able to obtain a static external

you are able to obtain a static external ip address by using one of the following

ip address by using one of the following two options you can either reserve a new

two options you can either reserve a new static external ip address and then

static external ip address and then assign the address to a new vm instance

assign the address to a new vm instance or you can promote an existing ephemeral

or you can promote an existing ephemeral external ip address to become a static

external ip address to become a static external ip address now in the case of

external ip address now in the case of external ip addresses you can reserve

external ip addresses you can reserve two different types

two different types a regional ip address which can be used

a regional ip address which can be used by vm instances with one or more network

by vm instances with one or more network interfaces or by network load balancers

interfaces or by network load balancers these ip addresses can be created either

these ip addresses can be created either in the console or through the command

in the console or through the command line with the limitation that you will

line with the limitation that you will only be allowed to create ipv4 ip

only be allowed to create ipv4 ip addresses the other type is a global ip

addresses the other type is a global ip address which can be used for global

address which can be used for global load balancers and can be created either

load balancers and can be created either in the console or through the command

in the console or through the command line as shown here the limitation here

line as shown here the limitation here is that you must choose the premium

is that you must choose the premium network service tier in order to create

network service tier in order to create a global ip address

a global ip address and after reserving the address you can

and after reserving the address you can finally assign it to an instance during

finally assign it to an instance during instance creation or to an existing

instance creation or to an existing instance and so as you can see there is

instance and so as you can see there is a lot to take in when it comes to

a lot to take in when it comes to understanding ip addressing and i hope

understanding ip addressing and i hope this lesson has given you some better

this lesson has given you some better insight as to which type of ips should

insight as to which type of ips should be used in a specific scenario now don't

be used in a specific scenario now don't worry the options may seem overwhelming

worry the options may seem overwhelming but once you start working with ip

but once you start working with ip addresses more often the options will

addresses more often the options will become so much clearer on what to use

become so much clearer on what to use and when and as i said in the beginning

and when and as i said in the beginning only high level concepts are needed to

only high level concepts are needed to know for the exam but knowing the

know for the exam but knowing the options will allow you to make better

options will allow you to make better decisions

decisions in your daily role as a cloud engineer

in your daily role as a cloud engineer and so that's pretty much all i wanted

and so that's pretty much all i wanted to cover when it comes to ip addressing

to cover when it comes to ip addressing in google cloud and so now that we've

in google cloud and so now that we've covered the theory behind ip addressing

covered the theory behind ip addressing in google cloud i wanted to bring this

in google cloud i wanted to bring this into the console for a demo where we

into the console for a demo where we will get hands-on with creating both

will get hands-on with creating both internal and external static ip

internal and external static ip addresses so as i explained before there

addresses so as i explained before there was a lot to take in with this lesson so

was a lot to take in with this lesson so now would be a perfect opportunity to

now would be a perfect opportunity to get up and have a stretch grab yourself

get up and have a stretch grab yourself a tea or a coffee and whenever you're

a tea or a coffee and whenever you're ready join me back in the console so you

ready join me back in the console so you can now mark this lesson as complete and

can now mark this lesson as complete and i'll see you in the next

i'll see you in the next [Music]

[Music] welcome back in this demonstration i'm

welcome back in this demonstration i'm going to be going over how to create and

going to be going over how to create and apply both internal and external static

apply both internal and external static ip addresses i'm going to show how to

ip addresses i'm going to show how to create them in both the console and the

create them in both the console and the command line as well as how to promote

command line as well as how to promote ip addresses from ephemeral ips to

ip addresses from ephemeral ips to static ips and once we're done creating

static ips and once we're done creating all the ip addresses i'm going to show

all the ip addresses i'm going to show you the steps on how to delete them now

you the steps on how to delete them now there's a lot to get done here so let's

there's a lot to get done here so let's dive in now for this demonstration i'm

dive in now for this demonstration i'm going to be using a project that has the

going to be using a project that has the default vpc created and so in my case i

default vpc created and so in my case i will be using project bowtieinc dev and

will be using project bowtieinc dev and so before you start make sure that your

so before you start make sure that your default vpc is created in the project

default vpc is created in the project that you had selected so in order to do

that you had selected so in order to do that i'm going to head over to the

that i'm going to head over to the navigation menu i'm going to scroll down

navigation menu i'm going to scroll down to vpc network and we're going to see

to vpc network and we're going to see here that the default vpc has been

here that the default vpc has been created and so i can go ahead and start

created and so i can go ahead and start the demonstration and so the first thing

the demonstration and so the first thing i wanted to demonstrate is how to create

i wanted to demonstrate is how to create a static internal ip address and so in

a static internal ip address and so in order for me to demonstrate this i'm

order for me to demonstrate this i'm going to be using a vm instance and so

going to be using a vm instance and so i'm going to head over to the navigation

i'm going to head over to the navigation menu again and i'm going to scroll down

menu again and i'm going to scroll down to compute engine

to compute engine and so here i'm going to create my new

and so here i'm going to create my new instance by simply clicking on create

instance by simply clicking on create instance and so under name i'm going to

instance and so under name i'm going to keep it as instance 1. under region you

keep it as instance 1. under region you want to select us east one and i'm going

want to select us east one and i'm going to keep the zone as the default selected

to keep the zone as the default selected under machine type i'm going to select

under machine type i'm going to select the drop down and select e2 micro and

the drop down and select e2 micro and i'm going to leave everything else as

i'm going to leave everything else as the default i'm going to scroll down

the default i'm going to scroll down here to management security disks

here to management security disks networking and soul tenancy and i'm

networking and soul tenancy and i'm going to select the networking tab from

going to select the networking tab from there

there and so under here i'm going to select

and so under here i'm going to select under network interfaces the default

under network interfaces the default network interface and here is where i

network interface and here is where i can create my static internal ip and so

can create my static internal ip and so clicking on the drop down under primary

clicking on the drop down under primary internal ip you will see ephemeral

internal ip you will see ephemeral automatic ephemeral custom and reserve

automatic ephemeral custom and reserve static internal ip address and so you're

static internal ip address and so you're going to select reserve static internal

going to select reserve static internal ip address and you'll get a pop-up

ip address and you'll get a pop-up prompting you with some fields to fill

prompting you with some fields to fill out to reserve a static internal ip

out to reserve a static internal ip address and so under name i'm going to

address and so under name i'm going to call this

call this static dash internal and for the

static dash internal and for the purposes of this demo i'm going to leave

purposes of this demo i'm going to leave the subnet and the static ip address as

the subnet and the static ip address as the currently selected if i wanted to

the currently selected if i wanted to select a specific ip address i can click

select a specific ip address i can click on this drop down and select let me

on this drop down and select let me choose and this will give me the option

choose and this will give me the option to enter in a custom ip address with the

to enter in a custom ip address with the subnet range that is selected for this

subnet range that is selected for this specific sub network and so because i'm

specific sub network and so because i'm not going to do that i'm going to select

not going to do that i'm going to select assign automatically i'm going to leave

assign automatically i'm going to leave the purpose as non-shared and i'm going

the purpose as non-shared and i'm going to simply click on reserve and this is

to simply click on reserve and this is going to reserve this specific ip

going to reserve this specific ip address and now as you can see here i

address and now as you can see here i have the primary internal ip marked as

have the primary internal ip marked as static internal and so this is going to

static internal and so this is going to be my first static internal ip address

be my first static internal ip address and so once you've done these steps you

and so once you've done these steps you can simply click on done and you can

can simply click on done and you can head on down to the bottom and simply

head on down to the bottom and simply click on create to create the instance

click on create to create the instance and when the instance finishes creating

and when the instance finishes creating you will see the internal static ip

you will see the internal static ip address and as you can see here your

address and as you can see here your static internal ip address has been

static internal ip address has been assigned to the default network

assigned to the default network interface on instance 1. and so in order

interface on instance 1. and so in order for me to view this static internal ip

for me to view this static internal ip address in the console i can view this

address in the console i can view this in vpc networks and drill down into the

in vpc networks and drill down into the specific vpc and find it under static

specific vpc and find it under static internal ip addresses but i wanted to

internal ip addresses but i wanted to show you how to view it by querying it

show you how to view it by querying it through the command line and so in order

through the command line and so in order to do this i'm going to simply go up to

to do this i'm going to simply go up to the menu bar on the right hand side and

the menu bar on the right hand side and open up cloud shell and once cloud shell

open up cloud shell and once cloud shell has come up you're going to simply paste

has come up you're going to simply paste in the command

in the command gcloud compute addresses list and this

gcloud compute addresses list and this will give me a list of the internal ip

will give me a list of the internal ip addresses that are available and so now

addresses that are available and so now i'm going to be prompted to authorize

i'm going to be prompted to authorize this api call using my credentials and i

this api call using my credentials and i definitely do so i'm going to click on

definitely do so i'm going to click on authorize and as expected the static

authorize and as expected the static internal ip address that we created

internal ip address that we created earlier has shown up it's marked as

earlier has shown up it's marked as internal in the region of us east one in

internal in the region of us east one in the default subnet and the status is in

the default subnet and the status is in use and so as we discussed in the last

use and so as we discussed in the last lesson static ip addresses persist even

lesson static ip addresses persist even after the resource has been deleted and

after the resource has been deleted and so to demonstrate this i'm going to now

so to demonstrate this i'm going to now delete the instance i'm going to simply

delete the instance i'm going to simply check off the instance and go up to the

check off the instance and go up to the top and click on delete you're going to

top and click on delete you're going to be prompted to make sure if you want to

be prompted to make sure if you want to delete this yes i do so i'm going to

delete this yes i do so i'm going to click on delete and so now that the

click on delete and so now that the instance has been deleted i'm going to

instance has been deleted i'm going to query the ip addresses again by using

query the ip addresses again by using the same command gcloud compute

the same command gcloud compute addresses list i'm going to hit enter

addresses list i'm going to hit enter and as you can see here the ip address

and as you can see here the ip address static dash internal still persists but

static dash internal still persists but the status is now marked as reserved and

the status is now marked as reserved and so if i wanted to use this ip address

so if i wanted to use this ip address for another instance i can do so by

for another instance i can do so by simply clicking on create instance up

simply clicking on create instance up here at the top menu and then i can

here at the top menu and then i can select static dash internal as my ip

select static dash internal as my ip address so i'm going to quickly close

address so i'm going to quickly close down cloud shell

down cloud shell and i'm going to leave the name as

and i'm going to leave the name as instance one the region

instance one the region can select us east one and we're going

can select us east one and we're going to keep the zone as the default selected

to keep the zone as the default selected under machine type you're going to

under machine type you're going to select the e2 micro machine type going

select the e2 micro machine type going to scroll down to management security

to scroll down to management security disks networking into soul tenancy and

disks networking into soul tenancy and i'm going to select the networking tab

i'm going to select the networking tab from under here

from under here and under network interfaces i'm going

and under network interfaces i'm going to select the default network interface

to select the default network interface and under primary internal ip

and under primary internal ip if i click on the drop down i have the

if i click on the drop down i have the option of selecting the static dash

option of selecting the static dash internal static ip address and so i

internal static ip address and so i wanted to move on to demonstrate how to

wanted to move on to demonstrate how to promote an internal ephemeral ip address

promote an internal ephemeral ip address to an internal static ip address and so

to an internal static ip address and so in order to do this i'm going to select

in order to do this i'm going to select on ephemeral automatic and i'm going to

on ephemeral automatic and i'm going to scroll down and click on done and i'm

scroll down and click on done and i'm going to go ahead and create the

going to go ahead and create the instance and once the instance is ready

instance and once the instance is ready i'll be able to go in and edit the

i'll be able to go in and edit the network interface and so the instance is

network interface and so the instance is up and ready and so i'm going to drill

up and ready and so i'm going to drill down into the instance

down into the instance and i'm going to go up to the top and

and i'm going to go up to the top and click on edit i'm going to scroll down

click on edit i'm going to scroll down to network interfaces and i'm going to

to network interfaces and i'm going to edit the default network interface so

edit the default network interface so i'm going to scroll down a little bit

i'm going to scroll down a little bit more and here under internal iptype i'm

more and here under internal iptype i'm going to click on the drop down and i'm

going to click on the drop down and i'm going to select static

going to select static and so here you are taking the current

and so here you are taking the current ip address which is 10.142.0.4

ip address which is 10.142.0.4 and promoting it to a static internal ip

and promoting it to a static internal ip address and so you're going to be

address and so you're going to be prompted with a pop-up confirming the

prompted with a pop-up confirming the reservation for that static internal ip

reservation for that static internal ip address and so notice that i don't have

address and so notice that i don't have any other options and so all i'm going

any other options and so all i'm going to do is type in a name and i'm going to

to do is type in a name and i'm going to call this promoted

call this promoted static and i'm going to click on reserve

static and i'm going to click on reserve and this will promote the internal ip

and this will promote the internal ip address from an ephemeral ip address to

address from an ephemeral ip address to a static ip address and so now i'm just

a static ip address and so now i'm just going to click on done

going to click on done and i'm going to scroll down and click

and i'm going to scroll down and click on save and so now because i want to

on save and so now because i want to verify the ip address i'm going to go

verify the ip address i'm going to go ahead and open up the cloud shell again

ahead and open up the cloud shell again and i'm going to use the same command

and i'm going to use the same command that i used earlier which is gcloud

that i used earlier which is gcloud compute addresses list and i'm going to

compute addresses list and i'm going to hit enter

hit enter as expected the promoted static ip

as expected the promoted static ip address is showing as an internal ip

address is showing as an internal ip address in the region of us east 1 in

address in the region of us east 1 in the default subnet and its status is in

the default subnet and its status is in use and so just as a recap we've created

use and so just as a recap we've created a static internal ip address for the

a static internal ip address for the first instance and for the second

first instance and for the second instance we promoted an ephemeral

instance we promoted an ephemeral internal ip address into a static

internal ip address into a static internal ip address and we were able to

internal ip address and we were able to verify this through cloud shell using

verify this through cloud shell using the gcloud compute addresses list

the gcloud compute addresses list command and so this is the end of part

command and so this is the end of part one of this demo it was getting a bit

one of this demo it was getting a bit long so i decided to break it up and

long so i decided to break it up and this would be a great opportunity for

this would be a great opportunity for you to get up and have a stretch get

you to get up and have a stretch get yourself a coffee or tea and whenever

yourself a coffee or tea and whenever you're ready join me in part two where

you're ready join me in part two where we will be starting immediately from the

we will be starting immediately from the end of part one so you can now mark this

end of part one so you can now mark this as complete and i'll see you in the next

as complete and i'll see you in the next one

one [Music]

[Music] welcome back this is part two of the

welcome back this is part two of the creating internal and external ip

creating internal and external ip addresses demo and we will be starting

addresses demo and we will be starting immediately from the end of part one so

immediately from the end of part one so with that being said let's dive in and

with that being said let's dive in and so now that we've gone through how to

so now that we've gone through how to both create static ip addresses and

both create static ip addresses and promote ephemeral ip addresses to static

promote ephemeral ip addresses to static ip addresses for internal ips

ip addresses for internal ips i want to go ahead and go through the

i want to go ahead and go through the same with external ips and so i'm going

same with external ips and so i'm going to first start off by deleting this

to first start off by deleting this instance i'm going to go ahead and click

instance i'm going to go ahead and click on delete

on delete and so instead of doing it through the

and so instead of doing it through the compute engine interface i want to go

compute engine interface i want to go into the external ip address interface

into the external ip address interface which can be found in the vpc network

which can be found in the vpc network menu

menu so i'm going to go ahead up to the left

so i'm going to go ahead up to the left hand corner click on the navigation menu

hand corner click on the navigation menu and i'm going to scroll down to vpc

and i'm going to scroll down to vpc network

network and from the menu here on the left hand

and from the menu here on the left hand side you can simply click on external ip

side you can simply click on external ip addresses

addresses and here you will see the console where

and here you will see the console where you can create a static external ip

you can create a static external ip address and so to start the process you

address and so to start the process you can simply click on reserve static

can simply click on reserve static address and so here you'll be prompted

address and so here you'll be prompted with a bunch of fields to fill out to

with a bunch of fields to fill out to create this new external static ip

create this new external static ip address and so for the name of this

address and so for the name of this static ip address you can simply call

static ip address you can simply call this external dash static i'm going to

this external dash static i'm going to use the same in the description now here

use the same in the description now here under network service tier i can choose

under network service tier i can choose from either the premium or the standard

from either the premium or the standard and as you can see i'm currently using

and as you can see i'm currently using the premium network service tier and if

the premium network service tier and if i hover over the question mark over here

i hover over the question mark over here it tells me a little bit more about this

it tells me a little bit more about this network service tier and as you can see

network service tier and as you can see the premium tier allows me higher

the premium tier allows me higher performance as well as lower latency

performance as well as lower latency routing but this premium routing comes

routing but this premium routing comes at a cost

at a cost whereas the standard network service

whereas the standard network service tier offers a lower performance compared

tier offers a lower performance compared to the premium network service tier and

to the premium network service tier and is a little bit more cost effective but

is a little bit more cost effective but still delivering performance that's

still delivering performance that's comparable with other cloud providers

comparable with other cloud providers and so i'm just going to leave it as the

and so i'm just going to leave it as the default selected and as we discussed in

default selected and as we discussed in the previous lesson ipv6 external static

the previous lesson ipv6 external static ip addresses can only be used for global

ip addresses can only be used for global load balancers and so since we're only

load balancers and so since we're only using it for an instance an ipv4 address

using it for an instance an ipv4 address will suffice and so just as a note for

will suffice and so just as a note for network service tier if i click on

network service tier if i click on standard ipv6 is grayed out as well as

standard ipv6 is grayed out as well as the global selection and this is because

the global selection and this is because in order to use global load balancing

in order to use global load balancing you need to be using the premium network

you need to be using the premium network service tier so whenever you're creating

service tier so whenever you're creating a global load balancer please keep this

a global load balancer please keep this in mind as your cost may increase so i'm

in mind as your cost may increase so i'm going to switch this back to premium and

going to switch this back to premium and so under type i'm going to keep it as

so under type i'm going to keep it as regional and under region i'm going to

regional and under region i'm going to select the same region that my instance

select the same region that my instance is going to be in which is us east 1 and

is going to be in which is us east 1 and because i haven't created the instance

because i haven't created the instance yet there is nothing to attach it to and

yet there is nothing to attach it to and so i'm going to click on the drop down

so i'm going to click on the drop down and click on none and so just as another

and click on none and so just as another note i wanted to quickly highlight this

note i wanted to quickly highlight this caution point that the static ip

caution point that the static ip addresses

addresses not attached to an instance or low

not attached to an instance or low balancer are still billed at an hourly

balancer are still billed at an hourly rate so if you're not using any static

rate so if you're not using any static ip addresses

ip addresses please remember to delete them otherwise

please remember to delete them otherwise you will be charged and so everything

you will be charged and so everything looks good here to create my external

looks good here to create my external static ip address so i'm going to simply

static ip address so i'm going to simply click on reserve

click on reserve and this will create my external static

and this will create my external static ip address

ip address and put the status of it as reserved so

and put the status of it as reserved so as you can see here the external static

as you can see here the external static ip address has been created and you will

ip address has been created and you will find all of your external static ip

find all of your external static ip addresses that you create in future

addresses that you create in future right here in this menu and you will

right here in this menu and you will still be able to query all these

still be able to query all these external ip addresses from the command

external ip addresses from the command line and so now in order to assign this

line and so now in order to assign this ip address to a network interface i'm

ip address to a network interface i'm going to go back over to the navigation

going to go back over to the navigation menu and scroll down to compute engine

menu and scroll down to compute engine and create a new instance so you can go

and create a new instance so you can go ahead and click on create instance i'm

ahead and click on create instance i'm going to go ahead and keep the name of

going to go ahead and keep the name of this instance as instance one and in the

this instance as instance one and in the region i'm going to select us east one

region i'm going to select us east one i'm going to keep the zone as the

i'm going to keep the zone as the selected default and under machine type

selected default and under machine type i'm going to select the e2 micro machine

i'm going to select the e2 micro machine type i'm going to scroll down to

type i'm going to scroll down to management security disks networking and

management security disks networking and soul tenancy and i'm going to select the

soul tenancy and i'm going to select the networking tab and here under network

networking tab and here under network interfaces i'm going to select the

interfaces i'm going to select the default network interface i'm going to

default network interface i'm going to scroll down a little bit here and under

scroll down a little bit here and under external ip

external ip ephemeral has been selected but if i

ephemeral has been selected but if i click on the drop down i will have the

click on the drop down i will have the option to select the ip that we had just

option to select the ip that we had just created which is the external dash

created which is the external dash static ip and so i'm going to select

static ip and so i'm going to select that i'm going to click on done and you

that i'm going to click on done and you can go down and click on create and so

can go down and click on create and so now when the instance is created i will

now when the instance is created i will see the external ip address

see the external ip address of external static as the assigned

of external static as the assigned external ip and as expected here it is

external ip and as expected here it is and because i always like to verify my

and because i always like to verify my work i'm going to go ahead and open up

work i'm going to go ahead and open up the cloud shell and verify it through

the cloud shell and verify it through the command line

the command line and so now i'm going to query all my

and so now i'm going to query all my available static ip addresses using the

available static ip addresses using the command gcloud compute addresses list

command gcloud compute addresses list i'm going to hit enter

i'm going to hit enter and as you can see here the external

and as you can see here the external static ip address of 34.75.76

in the us east one region is now in use and this is because it is assigned to

and this is because it is assigned to the network interface on instance one

the network interface on instance one and so before we go ahead and complete

and so before we go ahead and complete this demo there's one more step that i

this demo there's one more step that i wanted to go through and this is to

wanted to go through and this is to promote an ephemeral external ip address

promote an ephemeral external ip address to a static external ip address and so

to a static external ip address and so i'm going to go up here to the top menu

i'm going to go up here to the top menu and create a new instance i'm going to

and create a new instance i'm going to leave the name here as instance two

leave the name here as instance two under the region i'm going to select us

under the region i'm going to select us east one i'm going to keep the zone as

east one i'm going to keep the zone as the selected default under machine type

the selected default under machine type i'm going to select the e2 micro machine

i'm going to select the e2 micro machine type i'm going to leave everything else

type i'm going to leave everything else as the default and i'm going to scroll

as the default and i'm going to scroll down to management security disks

down to management security disks networking and soul tenancy and select

networking and soul tenancy and select the networking tab and i'm going to

the networking tab and i'm going to verify that i'm going to be using an

verify that i'm going to be using an ephemeral external ip upon the creation

ephemeral external ip upon the creation of this instance if i scroll down here a

of this instance if i scroll down here a little bit i can see that an external

little bit i can see that an external ephemeral ip address will be used upon

ephemeral ip address will be used upon creation and this will be the ip address

creation and this will be the ip address that i will be promoting to a static ip

that i will be promoting to a static ip through the command line so i'm going to

through the command line so i'm going to go ahead and scroll down click on done

go ahead and scroll down click on done and then i'm going to scroll down and

and then i'm going to scroll down and click on create and once this instance

click on create and once this instance is created then i can go ahead and

is created then i can go ahead and promote the ephemeral external ip

promote the ephemeral external ip address okay and the instance has been

address okay and the instance has been created along with its external

created along with its external ephemeral ip address and so now i can go

ephemeral ip address and so now i can go ahead and promote this ephemeral ip

ahead and promote this ephemeral ip address so in order for me to do this

address so in order for me to do this i'm going to move back to my cloud shell

i'm going to move back to my cloud shell and i'm going to quickly clear my screen

and i'm going to quickly clear my screen and i'm going to use the command gcloud

and i'm going to use the command gcloud compute addresses create and then the

compute addresses create and then the name that we want to use for this static

name that we want to use for this static external ip address so i'm going to call

external ip address so i'm going to call this promoted external i'm going to use

this promoted external i'm going to use the flag dash dash addresses and so here

the flag dash dash addresses and so here i will need the external ip address that

i will need the external ip address that i am promoting

i am promoting which is going to be 104.196.219.42

and so i'm going to copy this to my clipboard and i'm going to paste it here

clipboard and i'm going to paste it here in the command line and now i'm going to

in the command line and now i'm going to add the region flag

add the region flag along with the region of us east one and

along with the region of us east one and i'm going to go ahead and hit enter

i'm going to go ahead and hit enter and success my ephemeral external ip

and success my ephemeral external ip address has been promoted to a static

address has been promoted to a static external ip address and of course to

external ip address and of course to verify it i'm going to simply type in

verify it i'm going to simply type in the gcloud compute addresses list

the gcloud compute addresses list command i'm going to hit enter and as

command i'm going to hit enter and as expected here it is the promoted

expected here it is the promoted external ip of 104.196.219.42

marked as external in the u.s east one region and the status is marked as in

region and the status is marked as in use and so i wanted to take a moment to

use and so i wanted to take a moment to congratulate you on making it through

congratulate you on making it through this demonstration of creating internal

this demonstration of creating internal and external ip addresses as well as

and external ip addresses as well as promoting them so just as a recap you've

promoting them so just as a recap you've created a static internal ip address in

created a static internal ip address in conjunction with creating a new instance

conjunction with creating a new instance and assigning it to that instance you

and assigning it to that instance you then created another instance and used

then created another instance and used an ephemeral ip and then promoted it to

an ephemeral ip and then promoted it to a static internal ip address

a static internal ip address you then created an external static ip

you then created an external static ip address using the console and assigned

address using the console and assigned it to a brand new instance you then

it to a brand new instance you then created another instance using an

created another instance using an external ephemeral ip address and

external ephemeral ip address and promoted it to a static external ip

promoted it to a static external ip address and you did this all using both

address and you did this all using both the console and the command line so i

the console and the command line so i wanted to congratulate you on a great

wanted to congratulate you on a great job now before we end this demonstration

job now before we end this demonstration i wanted to go through the steps of

i wanted to go through the steps of cleaning up any leftover resources so

cleaning up any leftover resources so the first thing you want to do is delete

the first thing you want to do is delete these instances so you can select them

these instances so you can select them all and go up to the top and click on

all and go up to the top and click on delete it's going to ask you if you want

delete it's going to ask you if you want to delete the two instances yes we do

to delete the two instances yes we do click on delete and this will delete

click on delete and this will delete your instances and free up the external

your instances and free up the external ip addresses so that you're able to

ip addresses so that you're able to delete them and so now that the

delete them and so now that the instances have been deleted i'm going to

instances have been deleted i'm going to go over to the vpc network menu and i'm

go over to the vpc network menu and i'm going to head on over to the external ip

going to head on over to the external ip address console

address console and here i'm able to delete the external

and here i'm able to delete the external ip addresses and so i'm going to select

ip addresses and so i'm going to select all of them and i'm going to go up to

all of them and i'm going to go up to the top menu and click on release static

the top menu and click on release static address and you should get a prompt

address and you should get a prompt asking you if you want to delete both

asking you if you want to delete both these addresses the answer is yes click

these addresses the answer is yes click on delete and within a few seconds these

on delete and within a few seconds these external ip addresses should be deleted

external ip addresses should be deleted and so now all that's left to delete are

and so now all that's left to delete are the two static internal ip addresses

the two static internal ip addresses and as i said before because there is no

and as i said before because there is no console to be able to view any of these

console to be able to view any of these static internal ip addresses i have to

static internal ip addresses i have to do it through the command line so i'm

do it through the command line so i'm going to go back to my cloud shell i'm

going to go back to my cloud shell i'm going to clear the screen and i'm going

going to clear the screen and i'm going to list the ip addresses currently in my

to list the ip addresses currently in my network and so here they are promoted

network and so here they are promoted static and static internal and so the

static and static internal and so the command to delete any static ip

command to delete any static ip addresses is as follows gcloud compute

addresses is as follows gcloud compute addresses delete the name of the ip

addresses delete the name of the ip address that i want to delete which is

address that i want to delete which is promoted static and then i will need the

promoted static and then i will need the region flag and it'll be the region of

region flag and it'll be the region of us east one and i'm going to go ahead

us east one and i'm going to go ahead and hit enter it's going to prompt me if

and hit enter it's going to prompt me if i want to continue with this and i'm

i want to continue with this and i'm going to type y for yes hit enter

going to type y for yes hit enter and success it has been deleted and so

and success it has been deleted and so just a double check i'm going to do a

just a double check i'm going to do a quick verification

quick verification and yes it has been deleted and so all

and yes it has been deleted and so all that's left to delete is the static

that's left to delete is the static internal ip address and so i'm going to

internal ip address and so i'm going to paste in the command

paste in the command gcloud compute addresses delete the name

gcloud compute addresses delete the name of the ip address that i want to delete

of the ip address that i want to delete which is static dash internal along with

which is static dash internal along with the region flag of us east one i'm going

the region flag of us east one i'm going to go ahead and hit enter

to go ahead and hit enter y for yes to continue

y for yes to continue and success and one last verification to

and success and one last verification to make sure that it's all cleared up and

make sure that it's all cleared up and as you can see i have no more static i p

as you can see i have no more static i p addresses and so this concludes this

addresses and so this concludes this demonstration on creating assigning and

demonstration on creating assigning and deleting both static internal and static

deleting both static internal and static external ip addresses and so again i

external ip addresses and so again i wanted to congratulate you on a great

wanted to congratulate you on a great job and so that's pretty much all i

job and so that's pretty much all i wanted to cover

wanted to cover in this demo on creating internal and

in this demo on creating internal and external static ip addresses so you can

external static ip addresses so you can now mark this as complete and i'll see

now mark this as complete and i'll see you in the next one

you in the next one [Music]

[Music] welcome back

welcome back in this lesson i will be diving into

in this lesson i will be diving into some network security by introducing vpc

some network security by introducing vpc firewall rules a service used to filter

firewall rules a service used to filter incoming and outgoing network traffic

incoming and outgoing network traffic based on a set of user-defined rules

based on a set of user-defined rules a concept that you should be fairly

a concept that you should be fairly familiar with for the exam

familiar with for the exam and comes up extremely often when

and comes up extremely often when working as an engineer in google cloud

working as an engineer in google cloud it is definitely an essential security

it is definitely an essential security layer that prevents unwanted access to

layer that prevents unwanted access to your cloud infrastructure

your cloud infrastructure now vpc firewall rules apply to a given

now vpc firewall rules apply to a given project and network

project and network and if you'd like you can also apply

and if you'd like you can also apply firewall rules across an organization

firewall rules across an organization but i will be sticking to strictly vpc

but i will be sticking to strictly vpc firewall rules in this lesson now vpc

firewall rules in this lesson now vpc firewall rules let you allow or deny

firewall rules let you allow or deny connections

connections to or from your vm instances

to or from your vm instances based on a configuration that you

based on a configuration that you specify

specify and these rules apply to either incoming

and these rules apply to either incoming connections or outgoing connections

connections or outgoing connections but never both at the same time enabled

but never both at the same time enabled vpc firewall rules are always enforced

vpc firewall rules are always enforced regardless of their configuration and

regardless of their configuration and operating system even if they have not

operating system even if they have not started up now every vpc network

started up now every vpc network functions as a distributed firewall

functions as a distributed firewall when firewall rules are defined at the

when firewall rules are defined at the network level connections are allowed or

network level connections are allowed or denied on a per instance basis

denied on a per instance basis so you can think of the vpc firewall

so you can think of the vpc firewall rules as existing not only between your

rules as existing not only between your instances and other networks

instances and other networks but also between individual instances

but also between individual instances within the same network now when you

within the same network now when you create a vpc firewall rule you specify a

create a vpc firewall rule you specify a vpc network and a set of components that

vpc network and a set of components that define what the rule does

define what the rule does the components enable you to target

the components enable you to target certain types of traffic

certain types of traffic based on the traffic's protocol ports

based on the traffic's protocol ports sources and destinations when you create

sources and destinations when you create or modify a firewall rule you can

or modify a firewall rule you can specify the instances

specify the instances to which it is intended to apply

to which it is intended to apply by using the target component of the

by using the target component of the rule now in addition to firewall rules

rule now in addition to firewall rules that you create google cloud has other

that you create google cloud has other rules that can affect incoming or

rules that can affect incoming or outgoing connections so for instance

outgoing connections so for instance google cloud doesn't allow certain ip

google cloud doesn't allow certain ip protocols

protocols such as egress traffic on tcp port 25

such as egress traffic on tcp port 25 within a vpc network and protocols other

within a vpc network and protocols other than tcp udp

than tcp udp icmp and gre

icmp and gre to external ip addresses of google cloud

to external ip addresses of google cloud resources are blocked google cloud

resources are blocked google cloud always allows communication between a vm

always allows communication between a vm instance and its corresponding metadata

instance and its corresponding metadata server at 169.254

and this server is essential to the operation of the instance

operation of the instance so the instance can access it regardless

so the instance can access it regardless of any firewall rules that you configure

of any firewall rules that you configure the metadata server provides some basic

the metadata server provides some basic services to the instance like dhcp dns

services to the instance like dhcp dns resolution instance metadata and network

resolution instance metadata and network time protocol or ntp now just as a note

time protocol or ntp now just as a note every network has two implied firewall

every network has two implied firewall rules that permit outgoing connections

rules that permit outgoing connections and block incoming connections firewall

and block incoming connections firewall rules that you create can override these

rules that you create can override these implied rules now the first implied rule

implied rules now the first implied rule is the allow egress rule and this is an

is the allow egress rule and this is an egress rule whose action is allow and

egress rule whose action is allow and the destination is all ips and the

the destination is all ips and the priority is the lowest possible and lets

priority is the lowest possible and lets any instance send traffic to any

any instance send traffic to any destination except for traffic blocked

destination except for traffic blocked by google cloud the second implied

by google cloud the second implied firewall rule is the deny ingress rule

firewall rule is the deny ingress rule and this is an ingress rule whose action

and this is an ingress rule whose action is deny and the source is all ips and

is deny and the source is all ips and the priority is the lowest possible and

the priority is the lowest possible and protects all instances by blocking

protects all instances by blocking incoming connections to them now i know

incoming connections to them now i know we touched on this earlier on in a

we touched on this earlier on in a previous lesson but i felt the need to

previous lesson but i felt the need to bring it up as these are pre-populated

bring it up as these are pre-populated rules and the rules that i'm referring

rules and the rules that i'm referring to are with regards to the default vpc

to are with regards to the default vpc network and as explained earlier these

network and as explained earlier these rules can be deleted or modified as

rules can be deleted or modified as necessary the rules as you can see here

necessary the rules as you can see here in the table allow ingress connections

in the table allow ingress connections from any source to any instance on the

from any source to any instance on the network when it comes to icmp rdp on

network when it comes to icmp rdp on port 3389 for windows remote desktop

port 3389 for windows remote desktop protocol and for ssh on port 22. and as

protocol and for ssh on port 22. and as well the last rule allows ingress

well the last rule allows ingress connections for all protocols and ports

connections for all protocols and ports among instances in the network and it

among instances in the network and it permits incoming connections to vm

permits incoming connections to vm instances from others in the same

instances from others in the same network and all of these have a rule

network and all of these have a rule priority of six five five four which is

priority of six five five four which is the second to lowest priority so

the second to lowest priority so breaking down firewall rules there are a

breaking down firewall rules there are a few characteristics that google put in

few characteristics that google put in place that help define these rules and

place that help define these rules and the characteristics are as follows each

the characteristics are as follows each firewall rule applies to incoming or

firewall rule applies to incoming or outgoing connections

outgoing connections and not both firewall rules only support

and not both firewall rules only support ipv4 connections so when specifying a

ipv4 connections so when specifying a source for an ingress rule or a

source for an ingress rule or a destination for an egress rule by

destination for an egress rule by address

address you can only use an ipv4 address or ipv4

you can only use an ipv4 address or ipv4 block insider notation as well each

block insider notation as well each firewall rules action is either allow or

firewall rules action is either allow or deny you cannot have both at the same

deny you cannot have both at the same time and the rule applies to connections

time and the rule applies to connections as long as it is enforced so for example

as long as it is enforced so for example you can disable a rule for

you can disable a rule for troubleshooting purposes and then enable

troubleshooting purposes and then enable it back again now when you create a

it back again now when you create a firewall rule you must select a vpc

firewall rule you must select a vpc network while the rule is enforced at

network while the rule is enforced at the instance level its configuration is

the instance level its configuration is associated with a vpc network this means

associated with a vpc network this means you cannot share firewall rules among

you cannot share firewall rules among vpc networks including

vpc networks including networks connected by vpc network

networks connected by vpc network peering or by using cloud vpn tunnels

peering or by using cloud vpn tunnels another major thing to note about

another major thing to note about firewall rules is that they are stateful

firewall rules is that they are stateful and so that means when a connection is

and so that means when a connection is allowed through the firewall in either

allowed through the firewall in either direction return traffic matching this

direction return traffic matching this connection is also allowed you cannot

connection is also allowed you cannot configure a firewall rule to deny

configure a firewall rule to deny associated response traffic return

associated response traffic return traffic must match the five tuple of the

traffic must match the five tuple of the accepted request traffic but with the

accepted request traffic but with the source and destination addresses and

source and destination addresses and ports reversed so just as a note for

ports reversed so just as a note for those who may be wondering what a five

those who may be wondering what a five tuple is i was referring to the set of

tuple is i was referring to the set of five different values that comprise a

five different values that comprise a tcpip connection and this would be

tcpip connection and this would be source ip destination ip source port

source ip destination ip source port destination port and protocol google

destination port and protocol google cloud associates incoming packets with

cloud associates incoming packets with corresponding outbound packets by using

corresponding outbound packets by using a connection tracking table google cloud

a connection tracking table google cloud implements connection tracking

implements connection tracking regardless of whether the protocol

regardless of whether the protocol supports connections if a connection is

supports connections if a connection is allowed between a source and a target or

allowed between a source and a target or between a target and a destination all

between a target and a destination all response traffic is allowed as long as

response traffic is allowed as long as the firewalls connections tracking state

the firewalls connections tracking state is active and as well as a note a

is active and as well as a note a firewall rules tracking state is

firewall rules tracking state is considered active if at least one packet

considered active if at least one packet is sent every 10 minutes now along with

is sent every 10 minutes now along with the multiple characteristics that make

the multiple characteristics that make up a firewall rule there are also

up a firewall rule there are also firewall rule components that go along

firewall rule components that go along with it here i have a screenshot from

with it here i have a screenshot from the console with the configuration

the console with the configuration components of a firewall rule and i

components of a firewall rule and i wanted to take a moment to highlight

wanted to take a moment to highlight these components for better clarity so

these components for better clarity so now the first component is the network

now the first component is the network and this is the vpc network that you

and this is the vpc network that you want the firewall rule to apply to the

want the firewall rule to apply to the next one is priority which we discussed

next one is priority which we discussed earlier and this is the numerical

earlier and this is the numerical priority which determines whether the

priority which determines whether the rule is applied as only the highest

rule is applied as only the highest priority rule whose other components

priority rule whose other components match traffic is applied and remember

match traffic is applied and remember the lower the number the higher the

the lower the number the higher the priority the higher the number the lower

priority the higher the number the lower the priority now the next component is

the priority now the next component is the direction of traffic and these are

the direction of traffic and these are the ingress rules that apply to incoming

the ingress rules that apply to incoming connections from specified sources to

connections from specified sources to google cloud targets and this is where

google cloud targets and this is where ingress rules apply to incoming

ingress rules apply to incoming connections from specified sources to

connections from specified sources to google cloud targets

google cloud targets and egress rules apply to connections

and egress rules apply to connections going to specify destinations from

going to specify destinations from targets and the next one up is action on

targets and the next one up is action on match and this component either allows

match and this component either allows or denies which determines whether the

or denies which determines whether the rule permits or blocks the connection

rule permits or blocks the connection now a target is what defines which

now a target is what defines which instances to which the rule applies and

instances to which the rule applies and you can specify a target by using one of

you can specify a target by using one of the following three options the first

the following three options the first option

option are all instances in the network and

are all instances in the network and this is the firewall rule that does

this is the firewall rule that does exactly what it says it applies to all

exactly what it says it applies to all the instances in the network the second

the instances in the network the second option is instances by target tags and

option is instances by target tags and this is where the firewall rule applies

this is where the firewall rule applies only to instances with a matching

only to instances with a matching network tag and so i know i haven't

network tag and so i know i haven't explained it earlier but a network tag

explained it earlier but a network tag is simply a character string added to a

is simply a character string added to a tags field in a resource so let's say i

tags field in a resource so let's say i had a bunch of instances that were

had a bunch of instances that were considered development i can simply

considered development i can simply throw a network tag on them using a

throw a network tag on them using a network tag of dev and apply the

network tag of dev and apply the necessary firewall rule for all the

necessary firewall rule for all the development servers holding the network

development servers holding the network tag dev and so the third option is

tag dev and so the third option is instances by target service accounts

instances by target service accounts this is where the firewall rule applies

this is where the firewall rule applies only to instances that use a specific

only to instances that use a specific service account and so the next

service account and so the next component is the source filter and this

component is the source filter and this is a source for ingress rules or a

is a source for ingress rules or a destination for egress rules the source

destination for egress rules the source parameter is only applicable to ingress

parameter is only applicable to ingress rules and it must be one of the

rules and it must be one of the following three selections source ip

following three selections source ip ranges and this is where you specify

ranges and this is where you specify ranges of ip addresses as sources for

ranges of ip addresses as sources for packets either inside or outside of

packets either inside or outside of google cloud the second one is source

google cloud the second one is source tags and this is where the source

tags and this is where the source instances are identified by a matching

instances are identified by a matching network tag and source service accounts

network tag and source service accounts where source instances

where source instances are identified by the service accounts

are identified by the service accounts they use you can also use service

they use you can also use service accounts to create firewall rules that

accounts to create firewall rules that are a bit more granular and so one of

are a bit more granular and so one of the last components of the firewall rule

the last components of the firewall rule is the protocols and ports you can

is the protocols and ports you can specify a protocol or a combination of

specify a protocol or a combination of protocols and their ports if you omit

protocols and their ports if you omit both protocols and ports the firewall

both protocols and ports the firewall rule is applicable for all traffic on

rule is applicable for all traffic on any protocol and any port and so when it

any protocol and any port and so when it comes to enforcement status of the

comes to enforcement status of the firewall rule there is a drop down right

firewall rule there is a drop down right underneath all the components where you

underneath all the components where you can enable or disable the enforcement

can enable or disable the enforcement and as i said before this is a great way

and as i said before this is a great way to enable or disable a firewall rule

to enable or disable a firewall rule without having to delete it and is great

without having to delete it and is great for troubleshooting or to grant

for troubleshooting or to grant temporary access to any instances and

temporary access to any instances and unless you specify otherwise

unless you specify otherwise all firewall rules are enabled when they

all firewall rules are enabled when they are created but you can also choose to

are created but you can also choose to create a rule in a disabled state and so

create a rule in a disabled state and so this covers the vpc firewall rules in

this covers the vpc firewall rules in all its entirety and i will be showing

all its entirety and i will be showing you how to implement vpc firewall rules

you how to implement vpc firewall rules along with building a custom vpc

along with building a custom vpc custom routes

custom routes and even private google access

and even private google access all together in a demo following this

all together in a demo following this lesson to give you some hands-on skills

lesson to give you some hands-on skills of putting it all into practice and so

of putting it all into practice and so that's pretty much all i wanted to cover

that's pretty much all i wanted to cover when it comes to vpc firewall rules so

when it comes to vpc firewall rules so you can now mark this lesson as complete

you can now mark this lesson as complete and let's move on to the next one where

and let's move on to the next one where we dive in and build our custom vpc so

we dive in and build our custom vpc so now is a perfect time to grab a coffee

now is a perfect time to grab a coffee or tea and whenever you're ready join me

or tea and whenever you're ready join me in the console

welcome back in this demonstration i want to take all

in this demonstration i want to take all the concepts that we've learned so far

the concepts that we've learned so far in this networking section and put it

in this networking section and put it all into practice this diagram shown

all into practice this diagram shown here is the architecture of exactly what

here is the architecture of exactly what we will be building in this demo we're

we will be building in this demo we're going to start by creating a custom vpc

going to start by creating a custom vpc and then we're going to create two

and then we're going to create two subnets

subnets one public and one private

one public and one private in two separate regions we're then going

in two separate regions we're then going to create a cloud storage bucket with

to create a cloud storage bucket with some objects in it and then we will

some objects in it and then we will create some instances to demonstrate

create some instances to demonstrate access to cloud storage as well as

access to cloud storage as well as communication between instances and

communication between instances and finally we're going to create some

finally we're going to create some firewall rules for routing traffic to

firewall rules for routing traffic to all the right places we're also going to

all the right places we're also going to implement private google access

implement private google access and demonstrate accessibility to the

and demonstrate accessibility to the files in cloud storage from the private

files in cloud storage from the private instance without an external ip so this

instance without an external ip so this may be a little bit out of your comfort

may be a little bit out of your comfort zone for some

zone for some but don't worry i'll be with you every

but don't worry i'll be with you every step of the way and other than creating

step of the way and other than creating the instances all the steps here have

the instances all the steps here have been covered in previous lessons now

been covered in previous lessons now there's a lot to get done here so

there's a lot to get done here so whenever you're ready join me in the

whenever you're ready join me in the console and so here we are back in the

console and so here we are back in the console and as you can see up here in

console and as you can see up here in the right hand corner i am logged in as

the right hand corner i am logged in as tony bowtie ace gmail.com and currently

tony bowtie ace gmail.com and currently i am logged in under project tony and so

i am logged in under project tony and so in order to start off on a clean slate

in order to start off on a clean slate i'm going to create a new project and so

i'm going to create a new project and so i'm going to simply click on the project

i'm going to simply click on the project menu drop-down and click on new project

menu drop-down and click on new project i'm going to call this project

i'm going to call this project bowtie inc and i don't have any

bowtie inc and i don't have any organizations so i'm going to simply

organizations so i'm going to simply click on create and as well for those of

click on create and as well for those of you doing this lesson i would also

you doing this lesson i would also recommend for you to create a brand new

recommend for you to create a brand new project so that you can start off anew

project so that you can start off anew again i'm going to go over to the

again i'm going to go over to the project drop down and i'm going to

project drop down and i'm going to select bow tie ink as the project and

select bow tie ink as the project and now that i have a fresh new project i

now that i have a fresh new project i can now create my vpc network so i'm

can now create my vpc network so i'm going to go over to the left hand corner

going to go over to the left hand corner to the navigation menu and i'm going to

to the navigation menu and i'm going to scroll down to vpc network and so

scroll down to vpc network and so because vpc networks are tied in with

because vpc networks are tied in with the compute engine api

the compute engine api we need to enable it before we can

we need to enable it before we can create any vpc networks so you can go

create any vpc networks so you can go ahead and enable this api so once this

ahead and enable this api so once this api has finished and is enabled we'll be

api has finished and is enabled we'll be able to create our vpc network

able to create our vpc network ok and the api has been enabled and as

ok and the api has been enabled and as you can see the default vpc network has

you can see the default vpc network has been created with a subnet in every

been created with a subnet in every region along with its corresponding ip

region along with its corresponding ip address ranges and so for this demo

address ranges and so for this demo we're going to create a brand new vpc

we're going to create a brand new vpc network along with some custom subnets

network along with some custom subnets and so in order to do that i'm going to

and so in order to do that i'm going to go up here to the top and i'm going to

go up here to the top and i'm going to click on create vpc network and so here

click on create vpc network and so here i'm prompted with some fields to fill

i'm prompted with some fields to fill out

out so under name i'm going to think of a

so under name i'm going to think of a creative name that i can call my vpc

creative name that i can call my vpc network so i'm going to simply call it

network so i'm going to simply call it custom under description i'm going to

custom under description i'm going to call this custom

call this custom vpc network and i'm going to move down

vpc network and i'm going to move down here to subnets and because i'm creating

here to subnets and because i'm creating custom subnets i'm going to keep it

custom subnets i'm going to keep it under custom under subnet creation mode

under custom under subnet creation mode and so i'm going to need a public subnet

and so i'm going to need a public subnet and a private subnet and you'll be able

and a private subnet and you'll be able to get the values from the text file in

to get the values from the text file in the github repository within the sub

the github repository within the sub networks folder under networking

networks folder under networking services and so i'm going to create my

services and so i'm going to create my public subnet first and i'm going to

public subnet first and i'm going to simply call the public subnet public for

simply call the public subnet public for region i'm going to use us east one and

region i'm going to use us east one and the ip address range will be 10.0.0.0

the ip address range will be 10.0.0.0 forward slash 24 and i'm going to leave

forward slash 24 and i'm going to leave private google access off and i'm going

private google access off and i'm going to simply click on done and now i can

to simply click on done and now i can create the private subnet so underneath

create the private subnet so underneath the public subnet you'll see add subnet

the public subnet you'll see add subnet you can simply click on that and the

you can simply click on that and the name of the new subnet will be as you

name of the new subnet will be as you guessed it private under region i'm

guessed it private under region i'm going to use us east 4 and for the ip

going to use us east 4 and for the ip address range

address range be sure to use 10.0.5.0.24

and we're going to leave private google access off for now and we'll be turning

access off for now and we'll be turning that on a little bit later in the demo

that on a little bit later in the demo and so you can now click on done and

and so you can now click on done and before we click on create we want to

before we click on create we want to enable the dns api and clicking on

enable the dns api and clicking on enable will bring you to the dns api

enable will bring you to the dns api home page and you can click on enable to

home page and you can click on enable to enable the api okay so now that we have

enable the api okay so now that we have our network configured along with our

our network configured along with our public and private subnets as well as

public and private subnets as well as dns being enabled we can now simply

dns being enabled we can now simply click on create but before i do that i

click on create but before i do that i wanted to give you some insight with

wanted to give you some insight with regards to the command line so as i've

regards to the command line so as i've shared before everything that can be

shared before everything that can be done in the console can be done through

done in the console can be done through the command line and so if ever you

the command line and so if ever you wanted to do that or you wanted to get

wanted to do that or you wanted to get to know the command line a little bit

to know the command line a little bit better

better after filling out all the fields with

after filling out all the fields with regards to creating resources in the

regards to creating resources in the console you will be given the option of

console you will be given the option of a command line link that you can simply

a command line link that you can simply click on and here you will be given all

click on and here you will be given all the commands to create all the same

the commands to create all the same resources with all the same preferences

resources with all the same preferences through the command line and i will be

through the command line and i will be providing these commands in the lesson

providing these commands in the lesson text so that you can familiarize

text so that you can familiarize yourself with the commands to use in

yourself with the commands to use in order to build any networks using the

order to build any networks using the command line but this is a great

command line but this is a great reference for you to use at any time and

reference for you to use at any time and so i'm going to click on close

so i'm going to click on close and now i'm going to click on create

and now i'm going to click on create and within a minute or two the custom

and within a minute or two the custom vpc network will be created and ready to

vpc network will be created and ready to use okay and the custom vpc network has

use okay and the custom vpc network has been created along with its public and

been created along with its public and private subnet and so just to get a

private subnet and so just to get a little bit more insight with this custom

little bit more insight with this custom vpc network i'm going to drill down into

vpc network i'm going to drill down into it

it and as you can see here the subnets are

and as you can see here the subnets are respectively labeled private and public

respectively labeled private and public along with its region ip address range

along with its region ip address range the gateway and private google access

the gateway and private google access the routes as you can see here are the

the routes as you can see here are the system generated routes that i had

system generated routes that i had discussed in an earlier lesson it has

discussed in an earlier lesson it has both the subnet routes to its respective

both the subnet routes to its respective ip range along with the default route

ip range along with the default route with a path to the internet as well as a

with a path to the internet as well as a path for private google access now we

path for private google access now we don't have any firewall rules here yet

don't have any firewall rules here yet but we'll be adding those in just a few

but we'll be adding those in just a few minutes and so now that you've created

minutes and so now that you've created the vpc network with its respective

the vpc network with its respective subnets we're going to head on over to

subnets we're going to head on over to cloud storage and create a bucket along

cloud storage and create a bucket along with uploading the necessary files so

with uploading the necessary files so i'm going to go again over to the

i'm going to go again over to the navigation menu

navigation menu and i'm going to scroll down to storage

and i'm going to scroll down to storage and so as expected there are no buckets

and so as expected there are no buckets present here in cloud storage and so

present here in cloud storage and so we're just going to go ahead and create

we're just going to go ahead and create our first bucket by going up here to the

our first bucket by going up here to the top menu and clicking on create bucket

top menu and clicking on create bucket and so here i've been prompted to name

and so here i've been prompted to name my bucket and for those of you who are

my bucket and for those of you who are here for the first time when it comes to

here for the first time when it comes to naming a storage bucket the name needs

naming a storage bucket the name needs to be globally unique and this means

to be globally unique and this means that the name has to be unique across

that the name has to be unique across all of the google cloud platform now

all of the google cloud platform now don't worry i'm going to get into

don't worry i'm going to get into further detail with this in the cloud

further detail with this in the cloud storage lesson with all of these

storage lesson with all of these specific details when it comes to names

specific details when it comes to names storage classes and permissions and so

storage classes and permissions and so in the meantime you can come up with a

in the meantime you can come up with a name for your bucket something that

name for your bucket something that resonates with you and so for me i'm

resonates with you and so for me i'm going to name my bucket bowtie inc dash

going to name my bucket bowtie inc dash file dash access and so now i'm going to

file dash access and so now i'm going to simply click continue and so just as a

simply click continue and so just as a note for those who are unable to

note for those who are unable to continue through it is because the name

continue through it is because the name for your bucket is not globally unique

for your bucket is not globally unique so do try to find one that is now when

so do try to find one that is now when it comes to location type i'm just going

it comes to location type i'm just going to click on region and you can keep the

to click on region and you can keep the default location as used one and i'm

default location as used one and i'm going to leave all the other options as

going to leave all the other options as default and i'm going to go down to the

default and i'm going to go down to the bottom and click create and so for those

bottom and click create and so for those of you who have created your bucket you

of you who have created your bucket you can now upload the files and those files

can now upload the files and those files can be found in the github repository

can be found in the github repository in the cloud storage bucket folder under

in the cloud storage bucket folder under networking services and so now i'm going

networking services and so now i'm going to click on upload files

to click on upload files and under the networking services

and under the networking services section under cloud storage bucket you

section under cloud storage bucket you will find these three jpeg files and you

will find these three jpeg files and you can simply select them and click on open

can simply select them and click on open and so they are now uploaded into the

and so they are now uploaded into the bucket and so now i'm ready to move on

bucket and so now i'm ready to move on to the next step so you should now have

to the next step so you should now have created the vpc network with a private

created the vpc network with a private and public subnet along with creating

and public subnet along with creating your own bucket in cloud storage and

your own bucket in cloud storage and have uploaded the three jpeg files so

have uploaded the three jpeg files so now that this is done we can now create

now that this is done we can now create the instances

the instances that will have access to these files and

that will have access to these files and so again i will go over to the

so again i will go over to the navigation menu in the top left hand

navigation menu in the top left hand corner and scroll down to compute engine

corner and scroll down to compute engine and here i will click on create

and here i will click on create and so again i will be prompted with

and so again i will be prompted with some fields to fill out and so for this

some fields to fill out and so for this instance i'm going to first create the

instance i'm going to first create the public instance again i'm going to get

public instance again i'm going to get really creative and call this

really creative and call this public dash instance under labels i'm

public dash instance under labels i'm going to add a label

going to add a label under key

under key i'm going to type environment and under

i'm going to type environment and under value i'm going to type in public i'm

value i'm going to type in public i'm going to go down to the bottom and click

going to go down to the bottom and click on save and under region i'm going to

on save and under region i'm going to select us east1 and you can leave the

select us east1 and you can leave the zone as us east 1b moving down under

zone as us east 1b moving down under machine type i'm going to select the e2

machine type i'm going to select the e2 micro as the machine type just because

micro as the machine type just because i'm being cost conscious and i want to

i'm being cost conscious and i want to keep the cost down and so i'm going to

keep the cost down and so i'm going to scroll down to identity and api access

scroll down to identity and api access and under service account you should

and under service account you should have the compute engine default service

have the compute engine default service account already pre-selected now under

account already pre-selected now under access scopes i want to be able to have

access scopes i want to be able to have the proper permissions to be able to

the proper permissions to be able to read and write to cloud storage along

read and write to cloud storage along with read and write access to compute

with read and write access to compute engine and so you can click on set

engine and so you can click on set access for each api and you can scroll

access for each api and you can scroll down to compute engine

down to compute engine click on the drop down menu and select

click on the drop down menu and select read write and this will give the public

read write and this will give the public instance the specific access that it

instance the specific access that it needs to ssh into the private instance

needs to ssh into the private instance and so now i'm going to set the access

and so now i'm going to set the access for cloud storage so i'm going to scroll

for cloud storage so i'm going to scroll down to storage i'm going to click on

down to storage i'm going to click on the drop down menu and select read write

the drop down menu and select read write and this will give the instance read

and this will give the instance read write access to cloud storage scrolling

write access to cloud storage scrolling down a little bit further i'm going to

down a little bit further i'm going to go to management security disks

go to management security disks networking and sold tenancy and i'm

networking and sold tenancy and i'm going to click on that

going to click on that scroll up here just a little bit

scroll up here just a little bit and you can click on the networking tab

and you can click on the networking tab which will prompt you for a bunch of

which will prompt you for a bunch of options that you can configure for the

options that you can configure for the networking of the instance so under

networking of the instance so under network tags i want to type in public

network tags i want to type in public and you can click enter you can then

and you can click enter you can then scroll down to where it says network

scroll down to where it says network interfaces and click on the current

interfaces and click on the current interface which is the default and here

interface which is the default and here it'll open up all your options and so

it'll open up all your options and so under network you want to click on the

under network you want to click on the drop down and set it from default to

drop down and set it from default to custom the public subnet will

custom the public subnet will automatically be propagated so you can

automatically be propagated so you can leave it as is and you also want to make

leave it as is and you also want to make sure that your primary internal ip

sure that your primary internal ip as well as your external ip are set to

as well as your external ip are set to ephemeral and you can leave all the

ephemeral and you can leave all the other options as default and simply

other options as default and simply click on done and again before clicking

click on done and again before clicking on create you can click on the command

on create you can click on the command line link and it will show you all the

line link and it will show you all the commands needed in order to create this

commands needed in order to create this instance through the command line so i'm

instance through the command line so i'm going to go ahead and close this

going to go ahead and close this and so i'm going to leave all the other

and so i'm going to leave all the other options as default and i'm going to

options as default and i'm going to click on create and so now that my

click on create and so now that my public instance is being created i'm

public instance is being created i'm going to go ahead and create my private

going to go ahead and create my private instance

instance using the same steps that i did for the

using the same steps that i did for the last instance so i'm going to go ahead

last instance so i'm going to go ahead and click on create instance here at the

and click on create instance here at the top and so the first thing i'm going to

top and so the first thing i'm going to be prompted for is the name of the

be prompted for is the name of the instance

instance and so i'm going to call this instance

and so i'm going to call this instance private dash instance and here i'm going

private dash instance and here i'm going to add a label the key being environment

to add a label the key being environment and the value being private i'm going to

and the value being private i'm going to go down here to the bottom and click on

go down here to the bottom and click on save

save and under region i'm going to select us

and under region i'm going to select us east 4

east 4 and you can keep the zone as the default

and you can keep the zone as the default selected under machine type we're going

selected under machine type we're going to select the e2 micro and again

to select the e2 micro and again scrolling down to the identity and api

scrolling down to the identity and api access under the access scopes for the

access under the access scopes for the default service account i'm going to

default service account i'm going to click on the set access for each api and

click on the set access for each api and i'm going to scroll down to storage i'm

i'm going to scroll down to storage i'm going to click on the drop down menu and

going to click on the drop down menu and i'm going to select access for read

i'm going to select access for read write and for the last step i'm going to

write and for the last step i'm going to go into the networking tab under

go into the networking tab under management security disks networking and

management security disks networking and soul tenancy and under network tags i'm

soul tenancy and under network tags i'm going to give this instance a network

going to give this instance a network tag of private and under network

tag of private and under network interfaces we want to edit this and

interfaces we want to edit this and change it from default over to the

change it from default over to the custom network and as expected it

custom network and as expected it selected the private subnet by default

selected the private subnet by default and because this is going to be a

and because this is going to be a private instance we are not going to

private instance we are not going to give this an external ip so i'm going to

give this an external ip so i'm going to click on the drop down and select none

click on the drop down and select none and with all the other options set as

and with all the other options set as default i'm going to simply click on

default i'm going to simply click on create

create and this will create my private instance

and this will create my private instance along with having my public instance so

along with having my public instance so just as a recap we've created a new

just as a recap we've created a new custom vpc network

custom vpc network along with a private and public subnet

along with a private and public subnet we've created a storage bucket and added

we've created a storage bucket and added some files in it to be accessed and

some files in it to be accessed and we've created a private and public

we've created a private and public instance and assigning the service

instance and assigning the service account on the public instance read

account on the public instance read write access to both compute engine and

write access to both compute engine and cloud storage along with a public ip

cloud storage along with a public ip address and assigning the service

address and assigning the service account on the private instance read

account on the private instance read write access only for cloud storage and

write access only for cloud storage and no public ip and so this is the end of

no public ip and so this is the end of part one of this demo

part one of this demo and this would be a great opportunity

and this would be a great opportunity for you to get up and have a stretch

for you to get up and have a stretch get yourself a coffee or tea

get yourself a coffee or tea and whenever you're ready you can join

and whenever you're ready you can join me in part two

me in part two where we will be starting immediately

where we will be starting immediately from the end of part one so you can go

from the end of part one so you can go ahead and complete this video and i will

ahead and complete this video and i will see you in part two

see you in part two [Music]

[Music] welcome back

welcome back this is part two of the custom vpc demo

this is part two of the custom vpc demo and we will be starting exactly where we

and we will be starting exactly where we left off from part one so with that

left off from part one so with that being said let's dive in and so now the

being said let's dive in and so now the last thing that needs to be done is to

last thing that needs to be done is to simply create some firewall rules and so

simply create some firewall rules and so with these firewall rules this will give

with these firewall rules this will give me ssh access into the public instance

me ssh access into the public instance as well as allowing private

as well as allowing private communication from the public instance

communication from the public instance to the private instance as well as

to the private instance as well as giving ssh access

giving ssh access from the public instance to the private

from the public instance to the private instance and this will allow us to

instance and this will allow us to access the files in the bucket from the

access the files in the bucket from the private instance and so in order to

private instance and so in order to create these firewall rules i need to go

create these firewall rules i need to go back to my vpc network so i'm going to

back to my vpc network so i'm going to go up to the left hand corner again to

go up to the left hand corner again to the navigation menu

the navigation menu and scroll down to vpc network over here

and scroll down to vpc network over here on the left hand menu you'll see

on the left hand menu you'll see firewall i'm going to click on that

firewall i'm going to click on that and here you will see all the default

and here you will see all the default firewall rules for the default network

firewall rules for the default network so for us to create some new ones for

so for us to create some new ones for the custom vpc i'm going to go up here

the custom vpc i'm going to go up here to the top and click on create firewall

to the top and click on create firewall and so the first rule i want to create

and so the first rule i want to create is for my public instance and i want to

is for my public instance and i want to give it public access as well as ssh

give it public access as well as ssh access and so i'm going to name this

access and so i'm going to name this accordingly as public dash access i'm

accordingly as public dash access i'm going to give this the same description

going to give this the same description always a good idea to turn on logs but

always a good idea to turn on logs but for this demonstration i'm going to keep

for this demonstration i'm going to keep them off under network i'm going to

them off under network i'm going to select the custom network i'm going to

select the custom network i'm going to keep the priority at 1000 the direction

keep the priority at 1000 the direction of traffic will be ingress and the

of traffic will be ingress and the action on match will be allow and so

action on match will be allow and so here is where the target tags come into

here is where the target tags come into play when it comes to giving access to

play when it comes to giving access to the network so targets we're going to

the network so targets we're going to keep it as specified target tags

keep it as specified target tags and under target tags you can simply

and under target tags you can simply type in public

type in public under source filter you can keep it

under source filter you can keep it under ip ranges

under ip ranges and the source ip range will be 0.0.0.0

and the source ip range will be 0.0.0.0 forward slash 0. and we're not going to

forward slash 0. and we're not going to add a second source filter here so

add a second source filter here so moving down to protocols and ports under

moving down to protocols and ports under tcp i'm going to click that off and add

tcp i'm going to click that off and add in port 22. and because i want to be

in port 22. and because i want to be able to ping the instance i'm going to

able to ping the instance i'm going to have to add another protocol which is

have to add another protocol which is icmp

icmp and again as explained earlier the

and again as explained earlier the disable rule link will bring up the

disable rule link will bring up the enforcement and as you can see it is

enforcement and as you can see it is enabled but if you wanted to create any

enabled but if you wanted to create any firewall rules in future and have them

firewall rules in future and have them disabled you can do that right here but

disabled you can do that right here but we're gonna keep this enabled and we're

we're gonna keep this enabled and we're gonna simply click on create and this

gonna simply click on create and this will create the public firewall rule for

will create the public firewall rule for our public instance in our custom vpc

our public instance in our custom vpc network and so we're going to now go

network and so we're going to now go ahead and create the private firewall

ahead and create the private firewall rule and so i'm going to name this

rule and so i'm going to name this private dash access

private dash access respectively i'm going to put the

respectively i'm going to put the description as the same under network

description as the same under network i'm going to select our custom network

i'm going to select our custom network keep the priority at 1000 direction of

keep the priority at 1000 direction of traffic should be at ingress and the

traffic should be at ingress and the action on match should be allow for

action on match should be allow for target tags you can type in private and

target tags you can type in private and then hit enter and because i want to be

then hit enter and because i want to be able to reach the private instance from

able to reach the private instance from the public instance the source ip range

the public instance the source ip range will be

will be 10.0.0.1

10.0.0.1 forward slash 24. we're not going to add

forward slash 24. we're not going to add a second source filter and under

a second source filter and under protocols and ports we're going to

protocols and ports we're going to simply add tcp port 22

simply add tcp port 22 and again i want to add icmp

and again i want to add icmp so that i'm able to ping the instance

so that i'm able to ping the instance and i'm going to click on create

and i'm going to click on create and so we now have our two firewall

and so we now have our two firewall rules private access and public access

rules private access and public access and if i go over to the custom vpc

and if i go over to the custom vpc network and i drill into it

network and i drill into it i'll be able to see these selective

i'll be able to see these selective firewall rules under the respective

firewall rules under the respective firewall rules tab and so now that we've

firewall rules tab and so now that we've created our vpc network along with the

created our vpc network along with the public and private subnet we've created

public and private subnet we've created the cloud storage bucket with the files

the cloud storage bucket with the files that we need to access the instances

that we need to access the instances that will access those files along with

that will access those files along with the firewall rules that will allow the

the firewall rules that will allow the proper communication we can now go ahead

proper communication we can now go ahead to test everything that we built and

to test everything that we built and make sure that everything is working as

make sure that everything is working as expected so let's kick things off by

expected so let's kick things off by first logging into the public instance

first logging into the public instance so you can head on over to the

so you can head on over to the navigation menu and scroll down to

navigation menu and scroll down to compute engine

compute engine and you can ssh into the public instance

and you can ssh into the public instance by clicking on ssh under connect

by clicking on ssh under connect and this should open up a new tab or a

and this should open up a new tab or a new window logging you in with your

new window logging you in with your currently authenticated credentials okay

currently authenticated credentials okay and we are logged into our instance and

and we are logged into our instance and i'm going to zoom in for better viewing

i'm going to zoom in for better viewing and so just to make sure that everything

and so just to make sure that everything is working as expected we know that our

is working as expected we know that our firewall rule is correct because we are

firewall rule is correct because we are able to ssh into the instance and now i

able to ssh into the instance and now i want to see if i have access to my files

want to see if i have access to my files in the bucket and so in order to do that

in the bucket and so in order to do that i'm going to run the gsutil command ls

i'm going to run the gsutil command ls for list and then gs colon forward slash

for list and then gs colon forward slash forward slash along with my bucket name

forward slash along with my bucket name which is bow tie inc

hyphen file iphone access and i'm going to hit enter and as you can see i have

to hit enter and as you can see i have access to all the files in the bucket

access to all the files in the bucket and the last thing i wanted to check is

and the last thing i wanted to check is if i can ping the private instance so

if i can ping the private instance so i'm going to first clear my screen and

i'm going to first clear my screen and i'm going to head on over back to the

i'm going to head on over back to the console i'm going to copy the ip address

console i'm going to copy the ip address of the private instance to my clipboard

of the private instance to my clipboard and then i'm going to head back on over

and then i'm going to head back on over to my terminal and i'm going to type in

to my terminal and i'm going to type in ping i'm going to paste the ip address

ping i'm going to paste the ip address and success

and success i am able to successfully ping the

i am able to successfully ping the private instance

private instance from the public instance

from the public instance using the icmp protocol and you can hit

using the icmp protocol and you can hit control c to stop the ping so now that i

control c to stop the ping so now that i know that my public instance has the

know that my public instance has the proper permissions to reach cloud

proper permissions to reach cloud storage

storage as well as being able to ping my private

as well as being able to ping my private instance i want to be able to check if i

instance i want to be able to check if i can ssh

can ssh into the private instance from my public

into the private instance from my public instance and so i'm going to first clear

instance and so i'm going to first clear my screen and next i'm going to paste in

my screen and next i'm going to paste in this command in order for me to ssh into

this command in order for me to ssh into the private instance g cloud compute ssh

the private instance g cloud compute ssh dash dash project and my project name

dash dash project and my project name which is bow tie inc dash dash zone and

which is bow tie inc dash dash zone and the zone that my instance is in which is

the zone that my instance is in which is us east 4c along with the name of the

us east 4c along with the name of the instance which is private dash instance

instance which is private dash instance and along with the flag dash dash

and along with the flag dash dash internal dash ip stating that i am using

internal dash ip stating that i am using the internal ip in order to ssh into the

the internal ip in order to ssh into the instance and i'm going to hit enter and

instance and i'm going to hit enter and so now i've been prompted for a

so now i've been prompted for a passphrase in order to secure my rsa key

passphrase in order to secure my rsa key pair as one is being generated to log

pair as one is being generated to log into the private instance now it's

into the private instance now it's always good practice when it comes to

always good practice when it comes to security to secure your key pair with a

security to secure your key pair with a passphrase but for this demo i'm just

passphrase but for this demo i'm just going to leave it blank

going to leave it blank and so i'm just going to hit enter

and so i'm just going to hit enter i'm going to hit enter again

i'm going to hit enter again now i don't want to get too deep into it

now i don't want to get too deep into it but i did want to give you some context

but i did want to give you some context on what's happening here so when you log

on what's happening here so when you log into an instance on google cloud with os

into an instance on google cloud with os login disabled google manages the

authorized keys file for new user accounts based on ssh keys

for new user accounts based on ssh keys in metadata and so the keys that are

in metadata and so the keys that are being generated that are being used for

being generated that are being used for the first time are currently being

the first time are currently being stored within the instance metadata so

stored within the instance metadata so now that i'm logged into my private

now that i'm logged into my private instance i'm going to quickly clear my

instance i'm going to quickly clear my screen and just as a note you'll be able

screen and just as a note you'll be able to know whether or not you're logged

to know whether or not you're logged into your private instance by looking

into your private instance by looking here at your prompt and so now i want to

here at your prompt and so now i want to make sure that i can ping my public

make sure that i can ping my public instance so i'm going to quickly type

instance so i'm going to quickly type the ping command i'm going to head on

the ping command i'm going to head on over to the console i'm going to grab

over to the console i'm going to grab the ip address of the public instance

the ip address of the public instance i'm going to go back to my terminal and

i'm going to go back to my terminal and paste it in and as expected i'm able to

paste it in and as expected i'm able to ping my public instance from my private

ping my public instance from my private instance i'm just going to go ahead and

instance i'm just going to go ahead and hit control c to stop and i'm going to

hit control c to stop and i'm going to clear the screen so now we'd like to

clear the screen so now we'd like to verify whether or not we have access to

verify whether or not we have access to the files in the cloud storage bucket

the files in the cloud storage bucket that we created earlier

that we created earlier and so now i'm going to use the same

and so now i'm going to use the same command

command that i used in the public instance to

that i used in the public instance to list all the files in the cloud storage

list all the files in the cloud storage bucket so i'm going to use the gsutil

bucket so i'm going to use the gsutil command ls for list along with gs colon

command ls for list along with gs colon forward slash forward slash and the

forward slash forward slash and the bucket name which is bow tie ink hyphen

bucket name which is bow tie ink hyphen file if an access and i'm going to hit

file if an access and i'm going to hit enter

enter and as you can see here i'm not getting

and as you can see here i'm not getting a response and the command is hanging

a response and the command is hanging and this is due to the fact that

and this is due to the fact that external access is needed in order to

external access is needed in order to reach cloud storage and this instance

reach cloud storage and this instance only has an internal or private ip so

only has an internal or private ip so accessing the files in the cloud storage

accessing the files in the cloud storage bucket is not possible now in order to

bucket is not possible now in order to access cloud storage and the set of

access cloud storage and the set of external ip addresses used by google

external ip addresses used by google apis and services we can do this by

apis and services we can do this by enabling private google access on the

enabling private google access on the subnet used by the vms network interface

subnet used by the vms network interface and so we're going to go ahead and do

and so we're going to go ahead and do that right now so i'm going to hit

that right now so i'm going to hit control c to stop and i'm going to go

control c to stop and i'm going to go back into the console i'm going to go to

back into the console i'm going to go to the navigation menu and i'm going to

the navigation menu and i'm going to scroll down to vpc network

scroll down to vpc network and then i'm going to drill down into

and then i'm going to drill down into the private subnet and i'm going to edit

the private subnet and i'm going to edit it under private google access i'm going

it under private google access i'm going to turn it on and i'm going to go down

to turn it on and i'm going to go down to the bottom and click on save and by

to the bottom and click on save and by giving this subnet private google access

giving this subnet private google access i will allow the private instance and

i will allow the private instance and any instances with private ip addresses

any instances with private ip addresses to access any public apis

to access any public apis such as cloud storage so now when i go

such as cloud storage so now when i go back to my instance i'm going to clear

back to my instance i'm going to clear the screen here and i'm going to run the

the screen here and i'm going to run the gsutil command again

gsutil command again and success

and success we are now able to access cloud storage

we are now able to access cloud storage due to enabling private google access on

due to enabling private google access on the respective private subnet

the respective private subnet so i first wanted to congratulate you on

so i first wanted to congratulate you on making it to the end of this demo

making it to the end of this demo and hope that this demo has been

and hope that this demo has been extremely useful as this is a real life

extremely useful as this is a real life scenario that can come up and so just as

scenario that can come up and so just as a recap you've created a custom network

a recap you've created a custom network with two custom subnets you've created a

with two custom subnets you've created a cloud storage bucket and uploaded some

cloud storage bucket and uploaded some files to it you've created a public

files to it you've created a public instance and a private instance and then

instance and a private instance and then created some firewall rules to route the

created some firewall rules to route the traffic you then tested it all by using

traffic you then tested it all by using the command line for communication you

the command line for communication you also enable private google access for

also enable private google access for the instance with only the internal ip

the instance with only the internal ip to access google's public apis so that

to access google's public apis so that it can access cloud storage and so again

it can access cloud storage and so again fantastic job on your part as this was a

fantastic job on your part as this was a pretty complex demo

pretty complex demo and you can expect things like what

and you can expect things like what you've experienced in this demo to pop

you've experienced in this demo to pop up in your role of being a cloud

up in your role of being a cloud engineer at any time so before you go be

engineer at any time so before you go be sure to delete all the resources you've

sure to delete all the resources you've created

created and again congrats on the great job so

and again congrats on the great job so you can now mark this as complete and

you can now mark this as complete and i'll see you in the next one

welcome back in this lesson i will be going over vpc network peering and how

going over vpc network peering and how you can privately communicate across

you can privately communicate across vpcs in the same or different

vpcs in the same or different organization vpc network peering and vpc

organization vpc network peering and vpc peering are used interchangeably in this

peering are used interchangeably in this lesson as they are used to communicate

lesson as they are used to communicate the same thing now for instances in one

the same thing now for instances in one vpc to communicate with an instance in

vpc to communicate with an instance in another vpc they would route traffic via

another vpc they would route traffic via the public internet however to

the public internet however to communicate privately between two vpcs

communicate privately between two vpcs google cloud offers a service called vpc

google cloud offers a service called vpc peering and i will be going through the

peering and i will be going through the theory and concepts of vpc peering

theory and concepts of vpc peering throughout this lesson so with that

throughout this lesson so with that being said let's dive in

being said let's dive in now vpc peering enables you to peer vpc

now vpc peering enables you to peer vpc networks

networks so that workloads in different vpc

so that workloads in different vpc networks can communicate in a private

networks can communicate in a private space that follows the rfc

space that follows the rfc 1918 standard thus allowing private

1918 standard thus allowing private connectivity across two vpc networks

connectivity across two vpc networks traffic stays within google's network

traffic stays within google's network and never traverses the public internet

and never traverses the public internet vpc peering gives you the flexibility of

vpc peering gives you the flexibility of peering networks that are of the same or

peering networks that are of the same or different projects along with being able

different projects along with being able to peer with other networks in different

to peer with other networks in different organizations vpc peering also gives you

organizations vpc peering also gives you several advantages over using external

several advantages over using external ip addresses or vpns to connect the

ip addresses or vpns to connect the first one is reducing network latency as

first one is reducing network latency as all peering traffic stays within

all peering traffic stays within google's high-speed network vpc peering

google's high-speed network vpc peering also offers greater network security as

also offers greater network security as you don't need to have services exposed

you don't need to have services exposed to the public internet and deal with

to the public internet and deal with greater risks of having your traffic

greater risks of having your traffic getting compromised or if you're trying

getting compromised or if you're trying to achieve compliance standards for your

to achieve compliance standards for your organization vpc peering will allow you

organization vpc peering will allow you to achieve the standards that you need

to achieve the standards that you need and finally vpc network peering reduces

and finally vpc network peering reduces network costs as you save on egress

network costs as you save on egress costs for traffic leaving gcp so in a

costs for traffic leaving gcp so in a regular network google charges you for

regular network google charges you for traffic communicating using public ips

traffic communicating using public ips even if the traffic is within the same

even if the traffic is within the same zone now you can bypass this and save

zone now you can bypass this and save money by using internal ips to

money by using internal ips to communicate and keeping the traffic

communicate and keeping the traffic within the gcp network

within the gcp network now there are certain properties or

now there are certain properties or characteristics that peered vpcs follow

characteristics that peered vpcs follow and i wanted to point these out for

and i wanted to point these out for better understanding first off peer vpc

better understanding first off peer vpc networks remain administratively

networks remain administratively separate so what exactly does this mean

separate so what exactly does this mean well it means that routes firewalls vpns

well it means that routes firewalls vpns and other traffic management tools are

and other traffic management tools are administered and applied separately in

administered and applied separately in each of the vpc networks so this applies

each of the vpc networks so this applies to each vpc independently which also

to each vpc independently which also means that each side of a peering

means that each side of a peering association

association is set up independently as well so when

is set up independently as well so when you connect one vpc to the other you

you connect one vpc to the other you have to go into each vpc that you are

have to go into each vpc that you are connecting to both initiate and

connecting to both initiate and establish the connection peering becomes

establish the connection peering becomes active only when the configuration from

active only when the configuration from both sides match this also means that

both sides match this also means that each vpc can delete the peering

each vpc can delete the peering association at any given time now during

association at any given time now during vpc peering the vpc peers always

vpc peering the vpc peers always exchange all subnet routes you also have

exchange all subnet routes you also have the option of exchanging custom routes

the option of exchanging custom routes subnet and static routes are global and

subnet and static routes are global and dynamic routes can be regional or global

dynamic routes can be regional or global a given vpc network can peer with

a given vpc network can peer with multiple vpc networks but there is a

multiple vpc networks but there is a limit that you can reach in which you

limit that you can reach in which you would have to reach out to google and

would have to reach out to google and ask the limit to be increased now when

ask the limit to be increased now when peering with vpc networks there are

peering with vpc networks there are certain restrictions in place that you

certain restrictions in place that you should be aware of first off a subnet

should be aware of first off a subnet cider range in one peered vpc network

cider range in one peered vpc network cannot overlap with a static route in

cannot overlap with a static route in another peered network this rule covers

another peered network this rule covers both subnet routes and static routes so

both subnet routes and static routes so when a vpc subnet is created or a subnet

when a vpc subnet is created or a subnet ip range is expanded google cloud

ip range is expanded google cloud performs a check to make sure that the

performs a check to make sure that the new subnet range does not overlap with

new subnet range does not overlap with ip ranges of subnets in the same vpc

ip ranges of subnets in the same vpc network or in directly peered vpc

network or in directly peered vpc networks if it does the creation or

networks if it does the creation or expansion will fail google cloud also

expansion will fail google cloud also ensures that no overlapping subnet ip

ensures that no overlapping subnet ip ranges

ranges are allowed across vpc networks that

are allowed across vpc networks that have appeared network in common and

have appeared network in common and again if it does the creation or

again if it does the creation or expansion will fail now speaking of

expansion will fail now speaking of routing when you create a new subnet in

routing when you create a new subnet in appeared vpc network

appeared vpc network vpc network peering doesn't provide

vpc network peering doesn't provide granular route controls to filter out

granular route controls to filter out which subnet cider ranges are reachable

which subnet cider ranges are reachable across pure networks these are handled

across pure networks these are handled by firewall rules so to allow ingress

by firewall rules so to allow ingress traffic from vm instances in a peer

traffic from vm instances in a peer network you must create ingress allow

network you must create ingress allow firewall rules by default ingress

firewall rules by default ingress traffic to vms is blocked by the implied

traffic to vms is blocked by the implied deny ingress rule another key point to

deny ingress rule another key point to note is that transitive peering is not

note is that transitive peering is not supported and only directly peered

supported and only directly peered networks can communicate so they have to

networks can communicate so they have to be peered directly in this diagram

be peered directly in this diagram network a is peered with network b and

network a is peered with network b and network b is peered with network c and

network b is peered with network c and so if one instance is trying to

so if one instance is trying to communicate from network a to network c

communicate from network a to network c this cannot be done unless network a is

this cannot be done unless network a is directly peered with network c an

directly peered with network c an extremely important point to note for

extremely important point to note for vpc peering another thing to note is

vpc peering another thing to note is that you cannot use a tag or service

that you cannot use a tag or service account from one peered network in the

account from one peered network in the other peered network they must each have

other peered network they must each have their own as again they are each

their own as again they are each independently operated as stated earlier

independently operated as stated earlier and so the last thing that i wanted to

and so the last thing that i wanted to cover is that internal dns is not

cover is that internal dns is not accessible for compute engine in peered

accessible for compute engine in peered networks as they must use an ip to

networks as they must use an ip to communicate and so that about covers

communicate and so that about covers this short yet important lesson on the

this short yet important lesson on the theory and concepts of vpc peering and

theory and concepts of vpc peering and so now that we've covered all the theory

so now that we've covered all the theory i'm going to be taking these concepts

i'm going to be taking these concepts into a demo where we will be pairing two

into a demo where we will be pairing two networks together and verifying the

networks together and verifying the communication between them and so you

communication between them and so you can now mark this lesson as complete and

can now mark this lesson as complete and whenever you're ready join me in the

whenever you're ready join me in the console

welcome back in this hands-on demonstration

demonstration we're going to go through the steps to

we're going to go through the steps to create a peering connection from two

create a peering connection from two vpcs

vpcs in two separate projects as shown here

in two separate projects as shown here in the diagram and then to verify that

in the diagram and then to verify that the connection works we're going to

the connection works we're going to create two instances one in each network

create two instances one in each network and ping one instance from the other

and ping one instance from the other instance this demo is very similar to

instance this demo is very similar to the custom vpc demo that you had done

the custom vpc demo that you had done earlier but we are adding in another

earlier but we are adding in another layer of complexity by adding in vpc

layer of complexity by adding in vpc network peering and so there's quite a

network peering and so there's quite a bit to do here so let's go ahead and

bit to do here so let's go ahead and just dive in

just dive in okay so here we are back in the console

okay so here we are back in the console as you can see up in the top right hand

as you can see up in the top right hand corner i am logged in as tony bowties

corner i am logged in as tony bowties gmail.com and for this specific demo i

gmail.com and for this specific demo i will be using two projects both project

will be using two projects both project tony and project bowtie inc and if you

tony and project bowtie inc and if you currently do not have two projects you

currently do not have two projects you can go ahead and create yourself a new

can go ahead and create yourself a new project or the two projects if you have

project or the two projects if you have none and so i'm going to continue here

none and so i'm going to continue here with project tony and the first thing i

with project tony and the first thing i want to do is create the two networks in

want to do is create the two networks in the two separate projects so i'm going

the two separate projects so i'm going to go up to the navigation menu in the

to go up to the navigation menu in the top left hand corner and i'm going to

top left hand corner and i'm going to scroll down to vpc network

scroll down to vpc network here i'm going to create my first vpc

here i'm going to create my first vpc network and i'm going to name this

network and i'm going to name this bowtie ink

bowtie ink dash a i'm going to give it the same

dash a i'm going to give it the same description

description and then under subnets i'm going to

and then under subnets i'm going to leave the subnet creation mode under

leave the subnet creation mode under custom under the subnet name you can

custom under the subnet name you can call this subnet dash a

call this subnet dash a i'm going to use the us east one region

i'm going to use the us east one region and for the ip address range i'm going

and for the ip address range i'm going to use 10.0 that's 0.0 forward slash 20.

to use 10.0 that's 0.0 forward slash 20. and i'm going to leave all the other

and i'm going to leave all the other options as default and i'm going to go

options as default and i'm going to go down to the bottom and click on create

down to the bottom and click on create now as this network is being created i'm

now as this network is being created i'm going to go over to the project bowtie

going to go over to the project bowtie inc and i'm going to create the vpc

inc and i'm going to create the vpc network there so under name i'm going to

network there so under name i'm going to call this bowtie inc

call this bowtie inc b and under description i'm going to use

b and under description i'm going to use the same under subnets i'm going to keep

the same under subnets i'm going to keep subnet creation mode as custom and under

subnet creation mode as custom and under new subnet i'm going to call this subnet

new subnet i'm going to call this subnet subnet b the region will be used 4

subnet b the region will be used 4 and the ip address range will be

and the ip address range will be 10.4.0.0

10.4.0.0 forward slash 20. you can leave all the

forward slash 20. you can leave all the other options as default and scroll down

other options as default and scroll down to the bottom and click on create as

to the bottom and click on create as this network is being created i'm going

this network is being created i'm going to go back to project tony and i'm going

to go back to project tony and i'm going to create the firewall rule for bow tie

to create the firewall rule for bow tie ink dash a

ink dash a in this firewall rule as explained in

in this firewall rule as explained in the last lesson we'll allow

the last lesson we'll allow communication from one instance to the

communication from one instance to the other and so i'm going to click on

other and so i'm going to click on create firewall

create firewall and under name i'm going to call this

and under name i'm going to call this project

project tony dash a under description i'm going

tony dash a under description i'm going to use the same

to use the same under the network i'm going to choose

under the network i'm going to choose the source network which will be bowtie

the source network which will be bowtie inc dash a priority i'm going to keep at

inc dash a priority i'm going to keep at 1000 direction of traffic should be

1000 direction of traffic should be ingress and action on match should be

ingress and action on match should be allow under targets i'm going to select

allow under targets i'm going to select all instances in the network and under

all instances in the network and under source filter i'm going to keep ip

source filter i'm going to keep ip ranges selected and the source ip range

ranges selected and the source ip range specifically for this demo is going to

specifically for this demo is going to be 0.0.0.0

be 0.0.0.0 forward slash 0. and again this is

forward slash 0. and again this is specifically used for this demo and

specifically used for this demo and should never be used in a

should never be used in a production-like environment in

production-like environment in production you should only use the

production you should only use the source ip ranges that you are

source ip ranges that you are communicating with and under protocols

communicating with and under protocols and ports because i need to log into the

and ports because i need to log into the instance to be able to ping the other

instance to be able to ping the other instance i'm going to have to open up

instance i'm going to have to open up tcp on port 22. under other protocols

tcp on port 22. under other protocols you can add icmp and this will allow the

you can add icmp and this will allow the ping command to be used i'm going to

ping command to be used i'm going to leave all the other options as default

leave all the other options as default and i'm going to click on create and now

and i'm going to click on create and now that this firewall rule has been created

that this firewall rule has been created i need to go back over to project bowtie

i need to go back over to project bowtie inc and create the firewall rule there

inc and create the firewall rule there as well

as well i'm going to call this firewall rule

i'm going to call this firewall rule bowtie inc dash b i'm going to give it

bowtie inc dash b i'm going to give it the same description under network i'm

the same description under network i'm going to select bow tie ink dash b i'm

going to select bow tie ink dash b i'm going to keep the priority as 1000 and

going to keep the priority as 1000 and the direction of traffic should be

the direction of traffic should be ingress as well the action on match

ingress as well the action on match should be allow scrolling down under

should be allow scrolling down under targets i'm going to select all

targets i'm going to select all instances in the network and again under

instances in the network and again under source filter i'm going to keep ip

source filter i'm going to keep ip ranges selected and under source ip

ranges selected and under source ip ranges i'm going to enter in

ranges i'm going to enter in 0.0.0.0 forward slash 0. and under

0.0.0.0 forward slash 0. and under protocols and ports i'm going to select

protocols and ports i'm going to select tcp with port 22 as well under other

tcp with port 22 as well under other protocols i'm going to type in icmp i'm

protocols i'm going to type in icmp i'm going to leave everything else as

going to leave everything else as default and i'm going to click on create

default and i'm going to click on create now once you've created both networks

now once you've created both networks and have created both firewall rules you

and have created both firewall rules you can now start creating the instances so

can now start creating the instances so because i'm already in project bowtie

because i'm already in project bowtie inc i'm going to go to the left-hand

inc i'm going to go to the left-hand navigation menu and i'm going to scroll

navigation menu and i'm going to scroll down to compute engine and create my

down to compute engine and create my instance so i'm just going to click on

instance so i'm just going to click on create

create and to keep with the naming convention

and to keep with the naming convention i'm going to call this instance instance

i'm going to call this instance instance b i'm not going to add any labels for

b i'm not going to add any labels for now under region i'm going to choose us

now under region i'm going to choose us east 4 and you can leave the zone as the

east 4 and you can leave the zone as the default selection and under machine type

default selection and under machine type i'm going to select e2 micro and i'm

i'm going to select e2 micro and i'm going to scroll down to the bottom and

going to scroll down to the bottom and i'm going to click on management

i'm going to click on management security disks networking and sold

security disks networking and sold tenancy so that i'm able to go into the

tenancy so that i'm able to go into the networking tab to change the network on

networking tab to change the network on the default network interface so i'm

the default network interface so i'm going to click on the default network

going to click on the default network interface and under network i'm going to

interface and under network i'm going to select bowtie inc b and the subnet has

select bowtie inc b and the subnet has already been selected for me and then

already been selected for me and then i'm going to scroll down click on done

i'm going to scroll down click on done and i'm going to leave all the other

and i'm going to leave all the other options as default and click on create

options as default and click on create and so as this is creating i'm going to

and so as this is creating i'm going to go over to project tony

go over to project tony and i'm going to create my instance

and i'm going to create my instance there

there and i'm going to name this instance

and i'm going to name this instance instance a under region i am going to

instance a under region i am going to select us east1 you can leave the zone

select us east1 you can leave the zone as the default selected under machine

as the default selected under machine type i'm going to select e2 micro and

type i'm going to select e2 micro and scrolling down here to the bottom i'm

scrolling down here to the bottom i'm going to go into the networking tab

going to go into the networking tab under management security disks

under management security disks networking and soul

networking and soul and here i'm going to edit the network

and here i'm going to edit the network interface and change it from the default

interface and change it from the default network to bow tie ink dash a and as you

network to bow tie ink dash a and as you can see the subnet has been

can see the subnet has been automatically selected for me

automatically selected for me so now i can just simply click on done

so now i can just simply click on done i'm going to leave all the other options

i'm going to leave all the other options as default and i'm going to click on

as default and i'm going to click on create

create so just as a recap we've created two

so just as a recap we've created two separate networks in two separate

separate networks in two separate projects along with its corresponding

projects along with its corresponding subnets and the firewall rules along

subnets and the firewall rules along with creating an instance in each

with creating an instance in each network and so now that we have both

network and so now that we have both environments set up it's now time to

environments set up it's now time to create the vbc peering connection and so

create the vbc peering connection and so because i'm in project tony i'm going to

because i'm in project tony i'm going to start off with this project and i'm

start off with this project and i'm going to go up to the navigation menu

going to go up to the navigation menu and scroll down to vpc network and under

and scroll down to vpc network and under vpc network on the left hand menu you're

vpc network on the left hand menu you're going to click on vpc network peering

going to click on vpc network peering and through the interface shown here

and through the interface shown here we'll be able to create our vpc network

we'll be able to create our vpc network peering so now you're going to click on

peering so now you're going to click on create connection and i'm prompted with

create connection and i'm prompted with some information that i will need and

some information that i will need and because we are connecting to another vpc

because we are connecting to another vpc in another project you're going to need

in another project you're going to need the project id as well as the name of

the project id as well as the name of the vpc network you want to peer with

the vpc network you want to peer with and just as explained in the earlier

and just as explained in the earlier lesson the subnet ip ranges in both

lesson the subnet ip ranges in both networks cannot overlap so please make

networks cannot overlap so please make sure that if you are using ip ranges

sure that if you are using ip ranges outside of the ones that are given for

outside of the ones that are given for this demonstration the ip ranges that

this demonstration the ip ranges that you are using do not overlap so once you

you are using do not overlap so once you have that information you can then click

have that information you can then click continue

continue and so here you will be prompted with

and so here you will be prompted with some fields to fill out with the

some fields to fill out with the information that you were asked to

information that you were asked to collect in the previous screen and so

collect in the previous screen and so since we have that information already

since we have that information already we can go ahead and start filling in the

we can go ahead and start filling in the fields so i'm going to call this peering

fields so i'm going to call this peering connection peering

connection peering a b and under vpc network i'm going to

a b and under vpc network i'm going to select bow tie ink dash a under peered

select bow tie ink dash a under peered vpc network we're going to select the

vpc network we're going to select the other project which should be bowtie inc

other project which should be bowtie inc and the vpc network name will be bow tie

and the vpc network name will be bow tie inc dash b and i'm going to leave all

inc dash b and i'm going to leave all the other options as default and so

the other options as default and so under vpc network name you will see

under vpc network name you will see exchange custom routes and here i can

exchange custom routes and here i can select to import and export custom

select to import and export custom routes that i have previously created so

routes that i have previously created so any special routes that i have created

any special routes that i have created before the actual peering connection i

before the actual peering connection i can bring them over to the other network

can bring them over to the other network to satisfy my requirements and so i'm

to satisfy my requirements and so i'm not going to do that right now i'm going

not going to do that right now i'm going to close this up and i'm going to simply

to close this up and i'm going to simply click on create and so this is finished

click on create and so this is finished creating and is marked as inactive and

creating and is marked as inactive and this is because the corresponding

this is because the corresponding peering connection in project bowtie has

peering connection in project bowtie has yet to be configured the status will

yet to be configured the status will change to a green check mark in both

change to a green check mark in both networks and marked as active once they

networks and marked as active once they are connected if this status remains as

are connected if this status remains as inactive then you should recheck your

inactive then you should recheck your configuration and edit it accordingly so

configuration and edit it accordingly so now i'm going to head on over to project

now i'm going to head on over to project bowtie inc and i'm going to create the

bowtie inc and i'm going to create the corresponding peering connection i'm

corresponding peering connection i'm going to click on create connection once

going to click on create connection once you have your project id and the vpc

you have your project id and the vpc network you can click on continue and

network you can click on continue and for the name of this peering connection

for the name of this peering connection i'm going to call this peering dash ba

i'm going to call this peering dash ba respectively under vpc network i'm going

respectively under vpc network i'm going to select bowtie inc b and under peered

to select bowtie inc b and under peered vpc network i'm going to select in

vpc network i'm going to select in another project here you want to type in

another project here you want to type in your project id for me i'm going to

your project id for me i'm going to paste in my project tony project id and

paste in my project tony project id and under vpc network name i'm going to type

under vpc network name i'm going to type in bowtie inc

in bowtie inc a and i'm going to leave all the other

a and i'm going to leave all the other options as default and i'm going to

options as default and i'm going to click on create and so now that we've

click on create and so now that we've established connections on each of the

established connections on each of the peering connections in each vpc if the

peering connections in each vpc if the information that we've entered is

information that we've entered is correct then we should receive a green

correct then we should receive a green check mark stating that the peering

check mark stating that the peering connection is connected and success here

connection is connected and success here we have status as active and if i head

we have status as active and if i head on over to project tony i should have

on over to project tony i should have the same green check mark under status

the same green check mark under status for the peering connection and as

for the peering connection and as expected the status has a green check

expected the status has a green check mark and is marked as active so now in

mark and is marked as active so now in order to do the pairing connectivity

order to do the pairing connectivity test i'm going to need to grab the

test i'm going to need to grab the internal ip of the instance in the other

internal ip of the instance in the other network that resides in project bowtie

network that resides in project bowtie and so because it doesn't matter which

and so because it doesn't matter which instance i log into as both of them have

instance i log into as both of them have ssh and ping access i'm going to simply

ssh and ping access i'm going to simply go over to the navigation menu i'm going

go over to the navigation menu i'm going to head on over to compute engine and

to head on over to compute engine and i'm going to record the internal ip of

i'm going to record the internal ip of instance a and now i'm going to head

instance a and now i'm going to head over to project bowtie and log into

over to project bowtie and log into instance b and ping instance a and so in

instance b and ping instance a and so in order to ssh into this instance i'm

order to ssh into this instance i'm going to click on the ssh button under

going to click on the ssh button under connect and it should open a new browser

connect and it should open a new browser tab for me logging me into the instance

tab for me logging me into the instance okay i'm logged in here and i'm going to

okay i'm logged in here and i'm going to zoom in for better viewing and so now

zoom in for better viewing and so now i'm going to run a ping command against

i'm going to run a ping command against instance a using the internal ip that i

instance a using the internal ip that i had copied earlier and i'm going to hit

had copied earlier and i'm going to hit enter and as you can see ping is working

enter and as you can see ping is working and so now we can confirm that the vpc

and so now we can confirm that the vpc peering connection is established and

peering connection is established and the two instances in the different vpc

the two instances in the different vpc networks are communicating over their

networks are communicating over their private ips and you can go ahead and hit

private ips and you can go ahead and hit control c to stop the ping and so just

control c to stop the ping and so just as a recap you've created two separate

as a recap you've created two separate vpc networks with their own separate

vpc networks with their own separate subnets in two separate projects you've

subnets in two separate projects you've created the necessary firewall rules in

created the necessary firewall rules in each of these networks along with

each of these networks along with creating instances in each of those

creating instances in each of those networks you then established a vpc

networks you then established a vpc peering connection establishing the

peering connection establishing the configuration in each vpc you then did a

configuration in each vpc you then did a connectivity test by logging into one of

connectivity test by logging into one of the instances and pinging the other

the instances and pinging the other instance and so i hope this helps cement

instance and so i hope this helps cement the theory of vpc peering that you

the theory of vpc peering that you learned in the previous lesson and has

learned in the previous lesson and has given you some context when it comes to

given you some context when it comes to configuring each end of the peering

configuring each end of the peering connection so i wanted to take a moment

connection so i wanted to take a moment to congratulate you on completing this

to congratulate you on completing this demo and so all that's left now is to

demo and so all that's left now is to clean up all the resources that we

clean up all the resources that we created throughout this demo and you can

created throughout this demo and you can start by selecting the instances and

start by selecting the instances and deleting them in each network as well as

deleting them in each network as well as the firewall rules and the networks

the firewall rules and the networks themselves i'm going to go over to

themselves i'm going to go over to project tony and i'm going to do the

project tony and i'm going to do the same thing there and so you can do

same thing there and so you can do exactly what you did with the last

exactly what you did with the last instance here you can select it click on

instance here you can select it click on delete and delete the instance and so

delete and delete the instance and so next we're going to delete the peering

next we're going to delete the peering connection so we're going to go up to

connection so we're going to go up to the navigation menu we're going to

the navigation menu we're going to scroll down to vpc network and on the

scroll down to vpc network and on the left hand menu we're going to scroll

left hand menu we're going to scroll down to vpc network peering and so we're

down to vpc network peering and so we're going to select appearing connection

going to select appearing connection we're going to go to the top and click

we're going to go to the top and click on delete and then delete the peering

on delete and then delete the peering connection

connection and so now we're going to delete the

and so now we're going to delete the firewall rule so we're going to go up to

firewall rule so we're going to go up to firewall

we're going to select the firewall rule at the top we're going to click delete

at the top we're going to click delete and then delete the firewall rule and

and then delete the firewall rule and last but not least we want to delete the

last but not least we want to delete the vpc network that we created so we're

vpc network that we created so we're going to go up to vpc networks we're

going to go up to vpc networks we're going to drill down into the custom vpc

going to drill down into the custom vpc up at the top we're going to click on

up at the top we're going to click on delete vpc network and then we're going

delete vpc network and then we're going to click on delete and so now that we've

to click on delete and so now that we've deleted all the resources in project

deleted all the resources in project tony we're going to go back over to our

tony we're going to go back over to our second project project bowtie and do the

second project project bowtie and do the same thing and so we're first going to

same thing and so we're first going to start off with the vpc peering

start off with the vpc peering connection so we're going to go over to

connection so we're going to go over to vpc network peering we're going to

vpc network peering we're going to select the appearing connection we're

select the appearing connection we're gonna click on delete at the top and

gonna click on delete at the top and delete the peering connection next we're

delete the peering connection next we're gonna go into firewall we're gonna

gonna go into firewall we're gonna select the firewall rule go up to the

select the firewall rule go up to the top and click on delete and then delete

top and click on delete and then delete the firewall rule and finally we're

the firewall rule and finally we're gonna go over to vpc networks we're

gonna go over to vpc networks we're going to drill down into the custom

going to drill down into the custom network we're going to click on delete

network we're going to click on delete vpc network at the top and delete the

vpc network at the top and delete the vpc network

vpc network and so now that you've successfully

and so now that you've successfully deleted all your resources you can now

deleted all your resources you can now mark this lesson as complete and i'll

mark this lesson as complete and i'll see you in the next one and congrats

see you in the next one and congrats again on the great job of completing

again on the great job of completing this demo

this demo [Music]

[Music] welcome back and in this lesson i'm

welcome back and in this lesson i'm going to be discussing the concepts and

going to be discussing the concepts and terminology of shared vpcs i'm also

terminology of shared vpcs i'm also going to go into some detailed use cases

going to go into some detailed use cases and how shared vpcs would be used in

and how shared vpcs would be used in different scenarios so with that being

different scenarios so with that being said let's dive in

said let's dive in now when a vpc is created it is usually

now when a vpc is created it is usually tied to a specific project now what

tied to a specific project now what happens when you want to share resources

happens when you want to share resources across different projects but still have

across different projects but still have separate billing and access within the

separate billing and access within the projects themselves

projects themselves this is where shared vpcs come into play

this is where shared vpcs come into play shared vpcs allow an organization to

shared vpcs allow an organization to connect resources from multiple projects

connect resources from multiple projects to a common vpc network so that way they

to a common vpc network so that way they can communicate with each other securely

can communicate with each other securely and efficiently using internal ips from

and efficiently using internal ips from that network when you use shared vpcs

that network when you use shared vpcs you designate a project as a host

you designate a project as a host project and attach one or more other

project and attach one or more other service projects to it the vpc networks

service projects to it the vpc networks in the host project are considered the

in the host project are considered the shared vpc networks so just as a

shared vpc networks so just as a reminder a project that participates in

reminder a project that participates in a shared vpc is either a host project or

a shared vpc is either a host project or a service project a host project can

a service project a host project can contain one or more shared vpc networks

contain one or more shared vpc networks a service project is any project that

a service project is any project that has been attached to a host project by a

has been attached to a host project by a shared vpc admin this attachment allows

shared vpc admin this attachment allows it to participate in the shared vpc and

it to participate in the shared vpc and just as a note a project cannot be both

just as a note a project cannot be both a host and a service project

a host and a service project simultaneously it has to be one or the

simultaneously it has to be one or the other and you can create and use

other and you can create and use multiple host projects however each

multiple host projects however each service project can only be attached to

service project can only be attached to a single host project it is also a

a single host project it is also a common practice to have multiple service

common practice to have multiple service projects administered by different

projects administered by different departments or teams in the organization

departments or teams in the organization and so just for clarity for those who

and so just for clarity for those who are wondering a project that does not

are wondering a project that does not participate in a shared vpc

participate in a shared vpc is called a standalone project

is called a standalone project and this is to emphasize that it is

and this is to emphasize that it is neither a host project or a service

neither a host project or a service project now when it comes to

project now when it comes to administering these shared vpcs we

administering these shared vpcs we should be adhering to the principle of

should be adhering to the principle of least privilege and only assigning the

least privilege and only assigning the necessary access needed to specific

necessary access needed to specific users so here i broken down the roles

users so here i broken down the roles that are needed to enable and administer

that are needed to enable and administer the shared vpcs a shared vpc admin has

the shared vpcs a shared vpc admin has the permissions to enable host projects

the permissions to enable host projects attach service projects to host projects

attach service projects to host projects and delegate access to some or all of

and delegate access to some or all of the subnets in shared vpc networks to

the subnets in shared vpc networks to service project admins when it comes to

service project admins when it comes to a service project admin this is a shared

a service project admin this is a shared vpc admin for a given host project and

vpc admin for a given host project and is typically its project owner as well

is typically its project owner as well although when defining each service

although when defining each service project admin a shared vpc admin can

project admin a shared vpc admin can grant permission to use the whole host

grant permission to use the whole host project or just some subnets and so when

project or just some subnets and so when it comes to service project admins there

it comes to service project admins there are two separate levels of permissions

are two separate levels of permissions that can be applied the first is project

that can be applied the first is project level permissions and this is a service

level permissions and this is a service project admin that can be defined to

project admin that can be defined to have permission to use all subnets in

have permission to use all subnets in the host project when it comes to subnet

the host project when it comes to subnet level permissions a service project

level permissions a service project admin can be granted a more restrictive

admin can be granted a more restrictive set of permissions to use only some

set of permissions to use only some subnets now i wanted to move into some

subnets now i wanted to move into some use cases which will give you a bit more

use cases which will give you a bit more context on how shared vpcs are used in

context on how shared vpcs are used in specific environments illustrated here

specific environments illustrated here is a simple shared vpc scenario here a

is a simple shared vpc scenario here a host project has been created and

host project has been created and attached to service projects to it the

attached to service projects to it the service project admin in service project

service project admin in service project a

a can be configured to access all or some

can be configured to access all or some of the subnets in the shared vpc network

of the subnets in the shared vpc network service project admin with at least

service project admin with at least subnet level permissions to the 10.0.2.0

subnet level permissions to the 10.0.2.0 24 subnet has created vm1 in a zone

24 subnet has created vm1 in a zone located in the us west one region this

located in the us west one region this instance receives its internal ip

instance receives its internal ip address

address 10.0.2.15 from the 10.0.2.0

10.0.2.15 from the 10.0.2.0 24 cider block now service project

24 cider block now service project admins in service project b can be

admins in service project b can be configured to access all or some of the

configured to access all or some of the subnets in the shared vpc network a

subnets in the shared vpc network a service project admin with at least

service project admin with at least subnet level permissions to the

subnet level permissions to the 10.10.4.0 forward slash 24 subnet has

10.10.4.0 forward slash 24 subnet has created vm2 in a zone located in the us

created vm2 in a zone located in the us central 1 region this instance receives

central 1 region this instance receives its internal ip address

its internal ip address 10.10.4.1

10.10.4.1 from the

from the 10.10.4.0 forward slash 24 cider block

10.10.4.0 forward slash 24 cider block and of course the standalone project

and of course the standalone project does not participate in the shared vpc

does not participate in the shared vpc at all as it is neither a host nor a

at all as it is neither a host nor a service project and the last thing to

service project and the last thing to note

note instances in service projects attached

instances in service projects attached to a host project using the same shared

to a host project using the same shared vpc network

vpc network can communicate with one another using

can communicate with one another using either ephemeral or reserve static

either ephemeral or reserve static internal ip addresses and i will be

internal ip addresses and i will be covering both ephemeral and static ip

covering both ephemeral and static ip addresses in a later section under

addresses in a later section under compute engine external ip addresses

compute engine external ip addresses defined in the host project are only

defined in the host project are only usable by resources in that project they

usable by resources in that project they are not available for use in service

are not available for use in service projects moving on to the next use case

projects moving on to the next use case is a multiple hosts project for this use

is a multiple hosts project for this use case an organization is using two

case an organization is using two separate host projects development and

separate host projects development and production

production and each host project has two service

and each host project has two service projects attached to them both host

projects attached to them both host projects have one shared vpc network

projects have one shared vpc network with subnets configured to use the same

with subnets configured to use the same cider ranges both the testing and

cider ranges both the testing and production networks have been purposely

production networks have been purposely configured in the same way so this way

configured in the same way so this way when you work with resources tied to a

when you work with resources tied to a subnet range it will automatically

subnet range it will automatically translate over from one environment to

translate over from one environment to the other moving on to the next use case

the other moving on to the next use case is the hybrid environment now in this

is the hybrid environment now in this use case the organization has a single

use case the organization has a single host project with a single shared vpc

host project with a single shared vpc network the shared vpc network is

network the shared vpc network is connected via cloud vpn to an

connected via cloud vpn to an on-premises network some services and

on-premises network some services and applications are hosted in gcp while

applications are hosted in gcp while others are kept on premises and this way

others are kept on premises and this way separate teams can manage each of their

separate teams can manage each of their own service projects

own service projects and each project has no permissions to

and each project has no permissions to the other service projects as well each

the other service projects as well each service project can also be billed

service project can also be billed separately subnet level or project level

separately subnet level or project level permissions have been granted to the

permissions have been granted to the necessary service project admins

necessary service project admins so they can create instances that use

so they can create instances that use the shared vpc network and again

the shared vpc network and again instances in these service projects can

instances in these service projects can be configured to communicate with

be configured to communicate with internal services

internal services such as database or directory servers

such as database or directory servers located on premises and finally the last

located on premises and finally the last use case is a two-tier web service here

use case is a two-tier web service here an organization has a web service that

an organization has a web service that is separated into two tiers and

is separated into two tiers and different teams manage each tier the

different teams manage each tier the tier one service project represents the

tier one service project represents the externally facing component behind an

externally facing component behind an http or https load balancer the tier 2

http or https load balancer the tier 2 service project represents an internal

service project represents an internal service upon which tier 1 relies on and

service upon which tier 1 relies on and it is balanced using an internal tcp or

it is balanced using an internal tcp or udp load balancer the shared vpc allows

udp load balancer the shared vpc allows mapping of each tier of the web service

mapping of each tier of the web service to different projects so that they can

to different projects so that they can be managed by different teams while

be managed by different teams while sharing a common vpc network to host

sharing a common vpc network to host resources that are needed for both tiers

resources that are needed for both tiers now we cover quite a bit in this lesson

now we cover quite a bit in this lesson when it comes to all the concepts of

when it comes to all the concepts of shared vpcs we covered both host and

shared vpcs we covered both host and service projects and the roles that they

service projects and the roles that they play and their limitations we also went

play and their limitations we also went over the different roles that are needed

over the different roles that are needed to administrate these shared vpcs and we

to administrate these shared vpcs and we went over different use cases on how to

went over different use cases on how to use shared vpcs for different scenarios

use shared vpcs for different scenarios and so that about covers everything i

and so that about covers everything i wanted to discuss in this lesson

wanted to discuss in this lesson so you can now mark this lesson as

so you can now mark this lesson as complete and let's move on to the next

complete and let's move on to the next one

one [Music]

[Music] welcome back and in this lesson i'm

welcome back and in this lesson i'm going to be discussing vpc flow logs

going to be discussing vpc flow logs flow logs is an essential tool for

flow logs is an essential tool for monitoring and analyzing traffic

monitoring and analyzing traffic coming in and going out of vpcs from vm

coming in and going out of vpcs from vm instances flow logs are essential to

instances flow logs are essential to know for the exam as you should know the

know for the exam as you should know the capabilities and use cases and so with

capabilities and use cases and so with that being said let's dive in

that being said let's dive in so vpc flow logs records a sample of

so vpc flow logs records a sample of network flows

network flows sent from and received by vm instances

sent from and received by vm instances including instances used as google

including instances used as google kubernetes engine nodes these logs can

kubernetes engine nodes these logs can be used for network monitoring forensics

be used for network monitoring forensics real-time security analysis and expense

real-time security analysis and expense optimization when you enable vpc flow

optimization when you enable vpc flow logs you enable for all vms in a subnet

logs you enable for all vms in a subnet so basically you would be enabling vpc

so basically you would be enabling vpc flow logs on a subnet by subnet basis

flow logs on a subnet by subnet basis flow logs are aggregated by connection

flow logs are aggregated by connection from compute engine vms and exported in

from compute engine vms and exported in real time these logs can be exported to

real time these logs can be exported to cloud logging previously known as

cloud logging previously known as stackdriver for 30 days if logs need to

stackdriver for 30 days if logs need to be stored for longer than 30 days they

be stored for longer than 30 days they can be exported to a cloud storage

can be exported to a cloud storage bucket for longer term storage and then

bucket for longer term storage and then read and queried by cloud logging google

read and queried by cloud logging google cloud samples packets that leave and

cloud samples packets that leave and enter a vm to generate flow logs now not

enter a vm to generate flow logs now not every packet is captured into its own

every packet is captured into its own log record about one out of every 10

log record about one out of every 10 packets is captured but this sampling

packets is captured but this sampling rate might be lower depending on the

rate might be lower depending on the vm's load and just as a note you cannot

vm's load and just as a note you cannot adjust this rate this rate is locked by

adjust this rate this rate is locked by google cloud and cannot be changed in

google cloud and cannot be changed in any way and because vpc flow logs do not

any way and because vpc flow logs do not capture every packet it compensates for

capture every packet it compensates for missed packets by interpolating from the

missed packets by interpolating from the captured packets now there are many

captured packets now there are many different use cases for vpc flow logs

different use cases for vpc flow logs and i wanted to take a quick minute to

and i wanted to take a quick minute to go over them the first one i wanted to

go over them the first one i wanted to mention is network monitoring vpc flow

mention is network monitoring vpc flow logs provide you with real-time

logs provide you with real-time visibility into network throughput and

visibility into network throughput and performance so you can monitor the vpc

performance so you can monitor the vpc network perform network diagnostics

network perform network diagnostics understand traffic changes and help

understand traffic changes and help forecast capacity

forecast capacity for capacity planning you can also

for capacity planning you can also analyze network usage with vpc flow logs

analyze network usage with vpc flow logs and you can analyze the network flows

and you can analyze the network flows for traffic between regions and zones

for traffic between regions and zones traffic to specific countries on the

traffic to specific countries on the internet

internet and based on the analysis you can

and based on the analysis you can optimize your network traffic expenses

optimize your network traffic expenses now a great use case for vpc flow logs

now a great use case for vpc flow logs is network forensics

is network forensics so for example if an incident occurs you

so for example if an incident occurs you can examine which ips talked with whom

can examine which ips talked with whom and when and you can also look at any

and when and you can also look at any compromised ips by analyzing all the

compromised ips by analyzing all the incoming and outgoing network flows and

incoming and outgoing network flows and lastly

lastly vpc flow logs can be used for real-time

vpc flow logs can be used for real-time security analysis

security analysis you can leverage the real-time streaming

you can leverage the real-time streaming apis using pub sub and integrate them

apis using pub sub and integrate them with a sim or security information in

with a sim or security information in event management system like splunk

event management system like splunk rapid7 or logarithm and this is a very

rapid7 or logarithm and this is a very common way to add an extra layer of

common way to add an extra layer of security to your currently existing

security to your currently existing environment as well as a great way to

environment as well as a great way to meet any compliance standards that are

meet any compliance standards that are needed for your organization now vpc

needed for your organization now vpc flow logs are recorded in a specific

flow logs are recorded in a specific format log records contain base fields

format log records contain base fields which are the core fields of every log

which are the core fields of every log record and meta data fields that add

record and meta data fields that add additional information metadata fields

additional information metadata fields may be omitted to save storage costs but

may be omitted to save storage costs but base fields are always included and

base fields are always included and cannot be omitted some log fields are in

cannot be omitted some log fields are in a multi-field format with more than one

a multi-field format with more than one piece of data in a given field

piece of data in a given field for example

for example the connection field that you see from

the connection field that you see from the base is of the ip details format

the base is of the ip details format which contains the source and

which contains the source and destination ip address and port

destination ip address and port plus the protocol in a single field

plus the protocol in a single field flows that have an endpoint in a gke

flows that have an endpoint in a gke cluster can be annotated with gke

cluster can be annotated with gke annotations which can include details of

annotations which can include details of the cluster

the cluster pod and service of the endpoint gke

pod and service of the endpoint gke annotations are only available with a

annotations are only available with a custom configuration of metadata fields

custom configuration of metadata fields now when you enable vpc flow logs you

now when you enable vpc flow logs you can set a filter based on both base and

can set a filter based on both base and metadata fields that only preserves logs

metadata fields that only preserves logs that match the filter all other logs are

that match the filter all other logs are discarded before being written to

discarded before being written to logging which saves you money and

logging which saves you money and reduces the time needed to find the

reduces the time needed to find the information you're looking for shown

information you're looking for shown here is a sample from the console in

here is a sample from the console in both the classic logs viewer as well as

both the classic logs viewer as well as the logs viewer in preview and so in the

the logs viewer in preview and so in the classic logs viewer you can simply

classic logs viewer you can simply select the sub network from the first

select the sub network from the first pull down menu and from the second pull

pull down menu and from the second pull down menu you can select the

down menu you can select the compute.googleapis.com

compute.googleapis.com forward slash vpc underscore flows and

forward slash vpc underscore flows and this will give you the information that

this will give you the information that you need to pull up all your vpc flow

you need to pull up all your vpc flow logs in the logs viewer preview it is

logs in the logs viewer preview it is done in a similar way but the query is

done in a similar way but the query is shown here in the query builder and can

shown here in the query builder and can be adjusted accordingly pulling up any

be adjusted accordingly pulling up any vpc flow logs must be done within the

vpc flow logs must be done within the console when viewing them in google

console when viewing them in google cloud and so the last thing i wanted to

cloud and so the last thing i wanted to show you before ending this lesson is a

show you before ending this lesson is a sample of the log itself the log shown

sample of the log itself the log shown here is a sample of what a vpc flow log

here is a sample of what a vpc flow log looks like

looks like and as you can see here beside each

and as you can see here beside each field you will see a small arrow

field you will see a small arrow clicking on these arrows will expand the

clicking on these arrows will expand the field and reveal many of the subfields

field and reveal many of the subfields that you saw on the last slide and will

that you saw on the last slide and will give you the necessary information you

give you the necessary information you need to analyze your vpc flow logs in

need to analyze your vpc flow logs in this example of the connection field it

this example of the connection field it shows the five tuple that describes this

shows the five tuple that describes this connection which you can clearly see up

connection which you can clearly see up here at the top and if i were to go

here at the top and if i were to go further down and expand more of these

further down and expand more of these fields i would find more information

fields i would find more information that could help me better analyze more

that could help me better analyze more logging info for my given problem that i

logging info for my given problem that i am trying to solve now i didn't want to

am trying to solve now i didn't want to go too deep into logging as i will be

go too deep into logging as i will be diving into a complete section on its

diving into a complete section on its own in a later section of the course but

own in a later section of the course but i did want you to get a feel for what

i did want you to get a feel for what type of data vpc flow logs can give you

type of data vpc flow logs can give you and how it can help you in your specific

and how it can help you in your specific use case as well as on the exam and so

use case as well as on the exam and so that's pretty much all i wanted to cover

that's pretty much all i wanted to cover with regards to vpc flow logs so you can

with regards to vpc flow logs so you can now mark this lesson as complete and

now mark this lesson as complete and let's move on to the next one

let's move on to the next one [Music]

[Music] welcome back in this lesson i'm going to

welcome back in this lesson i'm going to cover a high-level overview of a basic

cover a high-level overview of a basic foundational service that supports the

foundational service that supports the backbone of the internet as we know it

backbone of the internet as we know it today this foundation is called dns or

today this foundation is called dns or the domain name system dns is used

the domain name system dns is used widely in google cloud from mostly an

widely in google cloud from mostly an infrastructure perspective and is used

infrastructure perspective and is used in pretty much any other cloud

in pretty much any other cloud environment or computer network on the

environment or computer network on the planet now there is quite a bit to cover

planet now there is quite a bit to cover in this lesson with regards to dns so

in this lesson with regards to dns so with that being said let's dive in

with that being said let's dive in now dns or domain name system is a

now dns or domain name system is a global decentralized distributed

global decentralized distributed database that lets you store ip

database that lets you store ip addresses and other data

addresses and other data and look them up by name this system

and look them up by name this system uses human readable names like

uses human readable names like google.com and translates it into a

google.com and translates it into a language that computers understand which

language that computers understand which are numeric ip addresses for example

are numeric ip addresses for example humans access information online through

humans access information online through a domain name like google.com computers

a domain name like google.com computers use ip addresses to access information

use ip addresses to access information online like 172.217.

now whether you type google.com or the ip address into a web browser both will

ip address into a web browser both will connect to google.com dns translates the

connect to google.com dns translates the domain name to an ip address so that the

domain name to an ip address so that the web browser knows where to connect to

web browser knows where to connect to and we know what to enter into the web

and we know what to enter into the web browser through dns you can connect a

browser through dns you can connect a domain name to web hosting

domain name to web hosting mail

mail and other services

and other services now getting a bit deeper into it as ip

now getting a bit deeper into it as ip addresses are at the core of

addresses are at the core of communicating between devices on the

communicating between devices on the internet they are hard to memorize and

internet they are hard to memorize and can change often even for the same

can change often even for the same service to get around these problems we

service to get around these problems we gave names to ip addresses for example

gave names to ip addresses for example when it comes to our computer

when it comes to our computer communicating with

communicating with www.google.com it will use the dns

www.google.com it will use the dns system to do this now in the dns

system to do this now in the dns database contains the information needed

database contains the information needed to convert the www.google.com

to convert the www.google.com domain name to the ip address and this

domain name to the ip address and this piece of information is stored in a

piece of information is stored in a logical container called a zone the way

logical container called a zone the way that the zone is stored is through

that the zone is stored is through what's commonly known as a zone file now

what's commonly known as a zone file now within this zone file is a dns record

within this zone file is a dns record which links the name

which links the name www and the ip address that your laptop

www and the ip address that your laptop needs to communicate

needs to communicate with the specific website and this zone

with the specific website and this zone file is hosted by what's known as a name

file is hosted by what's known as a name server or ns server for short and i will

server or ns server for short and i will be going into further detail on this in

be going into further detail on this in just a minute so in short if you can

just a minute so in short if you can query the zone for the record

query the zone for the record www.google.com

www.google.com then your computer can communicate with

then your computer can communicate with the web server and dns is what makes it

the web server and dns is what makes it all happen

all happen now i wanted to go into a bit of history

now i wanted to go into a bit of history of how dns came about so in early

of how dns came about so in early computer networks a simple text file

computer networks a simple text file called a host file was created that

called a host file was created that mapped hostnames to ip addresses and

mapped hostnames to ip addresses and this enabled people to refer to other

this enabled people to refer to other computers by the name and their

computers by the name and their computers translated that name to an ip

computers translated that name to an ip address when it needed to communicate

address when it needed to communicate with it the problem is as network sizes

with it the problem is as network sizes increased the host file approach became

increased the host file approach became impractical due to the fact that it

impractical due to the fact that it needed to be stored on each computer as

needed to be stored on each computer as each computer would have to resolve the

each computer would have to resolve the same host names as well updates were

same host names as well updates were difficult to manage as all of the

difficult to manage as all of the computers would need to be given an

computers would need to be given an updated file all in all this system was

updated file all in all this system was not scalable

not scalable now to overcome these and other

now to overcome these and other limitations the dns system was developed

limitations the dns system was developed and the dns system essentially provided

and the dns system essentially provided for a way to organize the names using a

for a way to organize the names using a domain name structure it also provided a

domain name structure it also provided a dynamic system for protocols services

dynamic system for protocols services and methods

and methods for storing updating and retrieving ip

for storing updating and retrieving ip addresses for host computers

addresses for host computers now that i've covered what dns is

now that i've covered what dns is and why we use it i wanted to dive into

and why we use it i wanted to dive into the structure of the dns system now the

the structure of the dns system now the structure all begins with a dot the root

structure all begins with a dot the root if you will and this can be found after

if you will and this can be found after every domain name that you type into

every domain name that you type into your browser you will almost never see

your browser you will almost never see it and this is because your browser will

it and this is because your browser will automatically put it in without your

automatically put it in without your knowing you can try it with any domain

knowing you can try it with any domain in any browser and you will almost

in any browser and you will almost always come up with the same result this

always come up with the same result this dot is put in for you and will provide

dot is put in for you and will provide the route for you and this is where we

the route for you and this is where we start to break down the dns system

start to break down the dns system now the domain name space consists of a

now the domain name space consists of a hierarchical data structure like the one

hierarchical data structure like the one you have on your computer each node has

you have on your computer each node has a label and zero or more resource

a label and zero or more resource records which hold information

records which hold information associated with the domain name the

associated with the domain name the domain name itself consists of the label

domain name itself consists of the label concatenated with the name of its parent

concatenated with the name of its parent node on the right separated by a dot so

node on the right separated by a dot so when it comes to dns the domain name is

when it comes to dns the domain name is always assembled from right to left this

always assembled from right to left this hierarchy or tree is subdivided into

hierarchy or tree is subdivided into zones beginning at the root zone a dns

zones beginning at the root zone a dns zone may consist of only one domain or

zone may consist of only one domain or may consist of many domains and sub

may consist of many domains and sub domains depending on the administrative

domains depending on the administrative choices of the zone manager now getting

choices of the zone manager now getting right into it the root server is the

right into it the root server is the first step in translating human readable

first step in translating human readable hostnames into ip addresses the root

hostnames into ip addresses the root domain is comprised of 13 dns systems

domain is comprised of 13 dns systems dispersed around the world known

dispersed around the world known collectively as the dns root servers

collectively as the dns root servers they are indicated by the letters a

they are indicated by the letters a through m

through m operated by 12 organizations such as

operated by 12 organizations such as verisign cogent and nasa while there are

verisign cogent and nasa while there are 13 ip addresses that represent these

13 ip addresses that represent these systems there are actually more than 13

systems there are actually more than 13 servers some of the ip addresses are

servers some of the ip addresses are actually a cluster of dns servers and so

actually a cluster of dns servers and so each of these dns servers also consists

each of these dns servers also consists of the root zone file which contains the

of the root zone file which contains the address of the authoritative name server

address of the authoritative name server for each top level domain and because

for each top level domain and because this is such a big undertaking to keep

this is such a big undertaking to keep updated iana or the internet assigned

updated iana or the internet assigned numbers authority was appointed as the

numbers authority was appointed as the authority that manages and administrates

authority that manages and administrates this file and i will include a link in

this file and i will include a link in the lesson text for those of you who are

the lesson text for those of you who are looking to dive deeper into the contents

looking to dive deeper into the contents of this root zone file as well as

of this root zone file as well as getting to know a little bit more about

getting to know a little bit more about the iana organization now while the dns

the iana organization now while the dns root servers establish the hierarchy

root servers establish the hierarchy most of the name resolution process is

most of the name resolution process is delegated to other dns servers so just

delegated to other dns servers so just below the dns route in the hierarchy are

below the dns route in the hierarchy are the top level domain servers

the top level domain servers also known as tld for short the top

also known as tld for short the top level domain takes the tld provided in

level domain takes the tld provided in the user's query for example www.google

the user's query for example www.google and provides details for the dot-com tld

and provides details for the dot-com tld name server the companies that

name server the companies that administer these domains are named

administer these domains are named registries and they operate the

registries and they operate the authoritative name servers for these top

authoritative name servers for these top level domains for example verisign is

level domains for example verisign is the registry for the dot com top level

the registry for the dot com top level domain over a hundred million domains

domain over a hundred million domains have been registered in the dot com top

have been registered in the dot com top level domain and these top level dns

level domain and these top level dns servers

servers handle top level domains such as com dot

handle top level domains such as com dot org dot net and dot io and this can also

org dot net and dot io and this can also be referred to as the gtld which is the

be referred to as the gtld which is the general top level domains and the cctld

general top level domains and the cctld which is the country code top level

which is the country code top level domain like dot ca for canada dot uk for

domain like dot ca for canada dot uk for the united kingdom and dot it for italy

the united kingdom and dot it for italy the top level dns servers delegate to

the top level dns servers delegate to thousands of second level dns servers

thousands of second level dns servers now second level domain names are sold

now second level domain names are sold to companies and other organizations and

to companies and other organizations and over 900 accredited registrars register

over 900 accredited registrars register and manage the second level domains in

and manage the second level domains in the dot com domain for end users the

the dot com domain for end users the second level of this structure is

second level of this structure is comprised of millions of domain names

comprised of millions of domain names second level dns servers can further

second level dns servers can further delegate the zone but most commonly

delegate the zone but most commonly store the individual host records for a

store the individual host records for a domain name this is the server at the

domain name this is the server at the bottom of the dns lookup chain where you

bottom of the dns lookup chain where you would typically find resource records

would typically find resource records and it is these resource records that

and it is these resource records that maps services and host names to ip

maps services and host names to ip addresses and will respond with the

addresses and will respond with the queried resource record ultimately

queried resource record ultimately allowing the web browser making the

allowing the web browser making the request to reach the ip address needed

request to reach the ip address needed to access a website or other web

to access a website or other web resources now there is one more concept

resources now there is one more concept that i wanted to cover

that i wanted to cover before we move on and this is the sub

before we move on and this is the sub domain now some of you have noticed and

domain now some of you have noticed and wondered where does the sub domain come

wondered where does the sub domain come into play with regards to the dns

into play with regards to the dns structure well this is a resource record

structure well this is a resource record that falls under the second level domain

that falls under the second level domain and in dns hierarchy a sub domain is a

and in dns hierarchy a sub domain is a domain that is a part of another main

domain that is a part of another main domain but i wanted to put it in here

domain but i wanted to put it in here just to give you an understanding of

just to give you an understanding of where subdomains would fall so now that

where subdomains would fall so now that we understand how dns is structured i

we understand how dns is structured i wanted to go through the breakdown of

wanted to go through the breakdown of the data flow of dns to give you some

the data flow of dns to give you some better contacts now there are eight

better contacts now there are eight steps in a dns lookup first we start off

steps in a dns lookup first we start off with the dns client which is shown here

with the dns client which is shown here as tony bowtie's laptop and this is a

as tony bowtie's laptop and this is a client device which could also be a

client device which could also be a phone or a tablet and is configured with

phone or a tablet and is configured with software to send name resolution queries

software to send name resolution queries to a dns server so when a client needs

to a dns server so when a client needs to resolve a remote host name into its

to resolve a remote host name into its ip address in most cases it sends a

ip address in most cases it sends a request to the dns recursive resolver

request to the dns recursive resolver which returns the ip address of the

which returns the ip address of the remote host to the client a recursive

remote host to the client a recursive resolver

resolver is a dns server that is configured to

is a dns server that is configured to query other dns servers until it finds

query other dns servers until it finds the answer to the question it will

the answer to the question it will either return the answer or an error

either return the answer or an error message to the client if it cannot

message to the client if it cannot answer the query and the query will

answer the query and the query will eventually be passed off to the dns

eventually be passed off to the dns client the recursive resolver in essence

client the recursive resolver in essence acts as the middle man between a client

acts as the middle man between a client and a dns name server which is usually

and a dns name server which is usually the internet service provider a service

the internet service provider a service carrier or a corporate network now to

carrier or a corporate network now to make sure that a resolver is able to

make sure that a resolver is able to properly run dns a root hints file is

properly run dns a root hints file is supplied with almost every operating

supplied with almost every operating system and this file holds the ip

system and this file holds the ip addresses for the root name servers this

addresses for the root name servers this also includes the dns resolver but in

also includes the dns resolver but in case it is unable to answer the query

case it is unable to answer the query the client will be able to still make

the client will be able to still make the query to the dns name servers now

the query to the dns name servers now after receiving a dns query from a

after receiving a dns query from a client

client this recursive resolver will either

this recursive resolver will either respond with cache data or send a

respond with cache data or send a request to a root name server and in

request to a root name server and in this case the resolver queries a dns

this case the resolver queries a dns root name server the root server then

root name server the root server then responds to the resolver with the

responds to the resolver with the address of a top level domain or tld dns

address of a top level domain or tld dns server such as com or dot net which

server such as com or dot net which stores the information for its domains

stores the information for its domains now when searching for google.com the

now when searching for google.com the request is pointed towards the dot-com

request is pointed towards the dot-com tld so naturally the resolver then makes

tld so naturally the resolver then makes a request to the com tld then the tld

a request to the com tld then the tld name server then responds with the ip

name server then responds with the ip address of the domain's name server

address of the domain's name server google.com and lastly the resolver then

google.com and lastly the resolver then sends a query to the domain's name

sends a query to the domain's name server the ip address for google.com is

server the ip address for google.com is then returned to the resolver from the

then returned to the resolver from the name server this ip address is cache for

name server this ip address is cache for a period of time determined by the

a period of time determined by the google.com name server and this process

google.com name server and this process is so that a future request for this

is so that a future request for this hostname could be resolved from its

hostname could be resolved from its cache rather than performing the entire

cache rather than performing the entire process from beginning to end and so for

process from beginning to end and so for those of you who are unaware cache is a

those of you who are unaware cache is a component that stores data so that

component that stores data so that future requests for that data can be

future requests for that data can be served faster the purpose of this

served faster the purpose of this caching is to temporarily store data in

caching is to temporarily store data in a location that results in improvements

a location that results in improvements in performance and reliability for data

in performance and reliability for data requests dns caching involves storing

requests dns caching involves storing the data closer to the requesting client

the data closer to the requesting client so that the dns query can be resolved

so that the dns query can be resolved earlier and additional queries further

earlier and additional queries further down the dns lookup chain can be avoided

down the dns lookup chain can be avoided and thus improving load times dns data

and thus improving load times dns data can be cached in a variety of locations

can be cached in a variety of locations down the chain each of which will store

down the chain each of which will store dns records for a set amount of time

dns records for a set amount of time determined by a time to live also known

determined by a time to live also known as ttl for short and this value is the

as ttl for short and this value is the time to live for that domain record a

time to live for that domain record a high ttl for a domain record means that

high ttl for a domain record means that local dns resolvers will cache responses

local dns resolvers will cache responses for longer and give quicker responses

for longer and give quicker responses however making changes to dns records

however making changes to dns records can take longer due to the need to wait

can take longer due to the need to wait for all cash records to expire

for all cash records to expire alternatively domain records with low

alternatively domain records with low ttls can change much more quickly but

ttls can change much more quickly but dns resolvers will need to refresh their

dns resolvers will need to refresh their records more often and so in this final

records more often and so in this final step the dns resolver then responds to

step the dns resolver then responds to the web browser with the ip address of

the web browser with the ip address of the domain requested initially and once

the domain requested initially and once these eight steps of the dns lookup have

these eight steps of the dns lookup have returned the ip address for

returned the ip address for www.google.com

www.google.com the browser is able to make the request

the browser is able to make the request for the webpage and so the browser will

for the webpage and so the browser will reach out to the ip address of the

reach out to the ip address of the server and request the web page which

server and request the web page which will be loaded up in the browser now i

will be loaded up in the browser now i know this probably has been a review for

know this probably has been a review for those who are a bit more advanced when

those who are a bit more advanced when it comes to understanding dns but for

it comes to understanding dns but for others who are fairly new to the

others who are fairly new to the underpinnings of dns i hope this has

underpinnings of dns i hope this has given you a basic understanding of what

given you a basic understanding of what it is why we use it and how it works

it is why we use it and how it works moving forward in the course i will be

moving forward in the course i will be discussing dns with regards to different

discussing dns with regards to different services and the needed resource records

services and the needed resource records within zones that are used by these

within zones that are used by these given services and so that's pretty much

given services and so that's pretty much all i wanted to cover when it comes to

all i wanted to cover when it comes to the fundamentals of dns so you can now

the fundamentals of dns so you can now mark this lesson as complete and let's

mark this lesson as complete and let's move on to the next one

move on to the next one [Music]

[Music] welcome back in this lesson i'm going to

welcome back in this lesson i'm going to be diving into dns record types now dns

be diving into dns record types now dns resource records are the basic

resource records are the basic information elements of the domain name

information elements of the domain name system they are entries in the dns

system they are entries in the dns database which provide information about

database which provide information about hosts these records are physically

hosts these records are physically stored in the zone files on the dns

stored in the zone files on the dns server this lesson will go through some

server this lesson will go through some of the most commonly used dns records

of the most commonly used dns records that we will be coming across throughout

that we will be coming across throughout this course so with that being said

this course so with that being said let's dive in now the first record that

let's dive in now the first record that i wanted to touch on are the name server

i wanted to touch on are the name server records also known as ns records for

records also known as ns records for short this record identifies which dns

short this record identifies which dns server contains the current records for

server contains the current records for a domain these servers are usually found

a domain these servers are usually found at a registrar internet service provider

at a registrar internet service provider or hosting company ns records are

or hosting company ns records are created to identify the name server used

created to identify the name server used for each domain name within a given zone

for each domain name within a given zone in this example we have the dot co zone

in this example we have the dot co zone that will have multiple name server

that will have multiple name server records for

records for bowtieinc.co now these name server

bowtieinc.co now these name server records are how the dot co delegation

records are how the dot co delegation happens for bowtieinc.co and they point

happens for bowtieinc.co and they point at servers that host the

at servers that host the inc.co zone that is managed by bowtie

inc.co zone that is managed by bowtie inc and the flow shown here of the query

inc and the flow shown here of the query starts from the root zone going to the

starts from the root zone going to the dot co zone where the record lies for

dot co zone where the record lies for the name servers for bowtieinc.com

the name servers for bowtieinc.com and flows down to the bowtieinc.cozone

and flows down to the bowtieinc.cozone that contain all the necessary records

that contain all the necessary records for bowtieinc.co

for bowtieinc.co the next record that i wanted to touch

the next record that i wanted to touch on are the a and aaa records and this is

on are the a and aaa records and this is short for address records for ipv4 and

short for address records for ipv4 and ipv6 ip addresses respectively and this

ipv6 ip addresses respectively and this record points a domain name to an ip

record points a domain name to an ip address for example when you type wwe

in a web browser the dns system will translate that domain name

translate that domain name to the ip address of 52.54.92.195

using the a record information stored in the bowtieinc.co

the bowtieinc.co dns zone file the a record links a

dns zone file the a record links a website's domain name to an ipv4 address

website's domain name to an ipv4 address that points to the server where the

that points to the server where the website's files live now when it comes

website's files live now when it comes to an aaa record this links a website's

to an aaa record this links a website's domain to an ipv6 address that points to

domain to an ipv6 address that points to the same server where the website's

the same server where the website's files live a records are the simplest

files live a records are the simplest type of dns records and one of the

type of dns records and one of the primary records used in dns servers you

primary records used in dns servers you can do a lot with a records including

can do a lot with a records including using multiple a records for the same

using multiple a records for the same domain in order to provide redundancy

domain in order to provide redundancy the same can be said

the same can be said for aaa records additionally multiple

for aaa records additionally multiple domains could point to the same address

domains could point to the same address in which case each would have its own a

in which case each would have its own a or aaa record pointing to that same ip

or aaa record pointing to that same ip address

address moving on to cname records a c name

moving on to cname records a c name record short for canonical name record

record short for canonical name record is a type of resource record that maps

is a type of resource record that maps one domain name to another this can be

one domain name to another this can be really convenient when running multiple

really convenient when running multiple services like an ftp server and an

services like an ftp server and an e-commerce server each running on

e-commerce server each running on different ports from a single ip address

different ports from a single ip address you can for example

you can for example point ftp ftp.bowtieinc.co

point ftp ftp.bowtieinc.co and shop.bowtieinc.co

and shop.bowtieinc.co to the dns entry for bowtieinc.co

to the dns entry for bowtieinc.co which in turn has an a record which

which in turn has an a record which points to the ip address so if the ip

points to the ip address so if the ip address ever changes

address ever changes you only have to change the record in

you only have to change the record in one place in the dns a record for bow

one place in the dns a record for bow tie inc dot co and just as a note cname

tie inc dot co and just as a note cname records must always point to another

records must always point to another domain name and never directly to an ip

domain name and never directly to an ip address next up are txt records a text

address next up are txt records a text record or txt for short is a type of

record or txt for short is a type of resource record that provides text

resource record that provides text information to sources outside your

information to sources outside your domain that can be used for a number of

domain that can be used for a number of arbitrary purposes the records value can

arbitrary purposes the records value can be either human or machine readable text

be either human or machine readable text in many cases text records are used to

in many cases text records are used to verify domain ownership or even to

verify domain ownership or even to provide human readable information about

provide human readable information about a server a network or a data center it

a server a network or a data center it is also often used in a more structured

is also often used in a more structured fashion to record small amounts of

fashion to record small amounts of machine readable data into the dns

machine readable data into the dns system a domain may have multiple tax

system a domain may have multiple tax records associated with it

records associated with it provided the dns server implementation

provided the dns server implementation supports this each record can in turn

supports this each record can in turn have one or more character strings in

have one or more character strings in this example

this example google wants to verify the bowtieinc.co

google wants to verify the bowtieinc.co domain so that g suite can be set up and

domain so that g suite can be set up and needs verification through the domain to

needs verification through the domain to google through creating a text record

google through creating a text record and adding it to the zone google will

and adding it to the zone google will then supply a text verification record

then supply a text verification record to add to the domain host's dns records

to add to the domain host's dns records and start to scan for the text record to

and start to scan for the text record to verify the domain

verify the domain the supplied text record is then added

the supplied text record is then added by the domain administrator and behind

by the domain administrator and behind the scenes google is doing a

the scenes google is doing a verification check at timed intervals

verification check at timed intervals when google finally sees the record

when google finally sees the record exists the domain ownership is confirmed

exists the domain ownership is confirmed and g suite can be enabled for the

and g suite can be enabled for the domain and this is a typical example of

domain and this is a typical example of how tax records are used now moving on

how tax records are used now moving on to mx records a dns

to mx records a dns mx record also known as the mail

mx record also known as the mail exchange record is the resource record

exchange record is the resource record that directs email to a mail server the

that directs email to a mail server the mx record indicates how email messages

mx record indicates how email messages should be routed and to which server

should be routed and to which server mail should go to like cname records an

mail should go to like cname records an mx record must always point to another

mx record must always point to another domain now mx records consist of two

domain now mx records consist of two parts the priority

parts the priority and the domain name the priority are the

and the domain name the priority are the numbers before the domains for these mx

numbers before the domains for these mx records and indicate the preference of

records and indicate the preference of the order in which the mail server

the order in which the mail server should be used the lower the preference

should be used the lower the preference number the higher the priority so in

number the higher the priority so in this example

this example laura is emailing tony bowtie at tony at

laura is emailing tony bowtie at tony at bowtieinc.co

bowtieinc.co the mx records are part of this process

the mx records are part of this process as dns needs to know where to send the

as dns needs to know where to send the mail to and we'll look at the domain

mail to and we'll look at the domain attached to the email address which is

attached to the email address which is bowtieinc.co so the dns client will run

bowtieinc.co so the dns client will run a regular dns query by first going to

a regular dns query by first going to the root then to the

the root then to the cotld and finally to bowtieinc.co

cotld and finally to bowtieinc.co it will then receive the mx record which

it will then receive the mx record which in this example is two of them the first

in this example is two of them the first one being mail representing

one being mail representing mail.bowtieinc.co

mail.bowtieinc.co and then the second one is a different

and then the second one is a different mail server outside the current domain

mail server outside the current domain and in this case is a google mail server

and in this case is a google mail server of aspmx.l.google.com

and this is a fully qualified domain name as the dot on the right of this

name as the dot on the right of this record suggests so here the server will

record suggests so here the server will always try mail.bowtieinc.co

always try mail.bowtieinc.co first because 5 is lower than 10. and

first because 5 is lower than 10. and this will give mail.bowtieinc.co

this will give mail.bowtieinc.co the higher priority in the result of a

the higher priority in the result of a message send failure the server will

message send failure the server will default to aspmx.l.google.com

if both values are the same then it would be low balanced across both

would be low balanced across both servers whichever is used the server

servers whichever is used the server gets the result of the query back and it

gets the result of the query back and it uses this to connect to the mail server

uses this to connect to the mail server for bowtieinc.co via the smtp protocol

for bowtieinc.co via the smtp protocol and it uses this protocol to deliver all

and it uses this protocol to deliver all email and this is how mx records are

email and this is how mx records are used for email the next record i wanted

used for email the next record i wanted to cover are the pointer records

to cover are the pointer records also known as ptr records for short and

also known as ptr records for short and this provides the domain name associated

this provides the domain name associated with an ip address so a dns pointer

with an ip address so a dns pointer record is exactly the opposite of the a

record is exactly the opposite of the a record which provides the ip address

record which provides the ip address associated with the domain name dns

associated with the domain name dns pointer records are used in reverse dns

pointer records are used in reverse dns lookups as we discussed earlier when a

lookups as we discussed earlier when a user attempts to reach a domain name in

user attempts to reach a domain name in their browser a dns lookup occurs

their browser a dns lookup occurs matching the domain name to the ip

matching the domain name to the ip address a reverse dns lookup is the

address a reverse dns lookup is the opposite of this process and it is a

opposite of this process and it is a query that starts with the ip address

query that starts with the ip address and looks up the domain name while dnsa

and looks up the domain name while dnsa records are stored under the given

records are stored under the given domain name dns pointer records are

domain name dns pointer records are stored under the ip address reverse and

stored under the ip address reverse and ending in dot i n

ending in dot i n a d d r dot arpa so in this example the

a d d r dot arpa so in this example the pointer record for the iap address

pointer record for the iap address 52.54.90

dot in addr dot arpa ipv6 addresses are

addr dot arpa ipv6 addresses are constructed differently from ipv4

constructed differently from ipv4 addresses and ipv6 pointer records exist

addresses and ipv6 pointer records exist in a different namespace

in a different namespace within.arpa ipv6 pointer records are

within.arpa ipv6 pointer records are stored under the ipv6 address reversed

stored under the ipv6 address reversed and converted into 4-bit sections as

and converted into 4-bit sections as opposed to 8-bit sections as in ipv4 and

opposed to 8-bit sections as in ipv4 and as well the domain.ip6.arpa

as well the domain.ip6.arpa is added at the end pointer records are

is added at the end pointer records are used most commonly in reverse dns

used most commonly in reverse dns lookups for anti-spam troubleshooting

lookups for anti-spam troubleshooting email delivery issues and logging and so

email delivery issues and logging and so the last record that i wanted to cover

the last record that i wanted to cover are the soa records also known as the

are the soa records also known as the start of authority records and this

start of authority records and this resource record is created for you when

resource record is created for you when you create your managed zone and

you create your managed zone and specifies the authoritative information

specifies the authoritative information including global parameters about a dns

including global parameters about a dns zone the soa record stores important

zone the soa record stores important information about a domain or zone such

information about a domain or zone such as the email address of the

as the email address of the administrator when the domain was last

administrator when the domain was last updated and how long the server should

updated and how long the server should wait between refreshes every dns zone

wait between refreshes every dns zone registered must have an soa record as

registered must have an soa record as per the rfc 1035 and there is exactly

per the rfc 1035 and there is exactly one soa record per zone the soa record

one soa record per zone the soa record contains the core information about your

contains the core information about your zone so it is not possible for your zone

zone so it is not possible for your zone to work without that information and i

to work without that information and i will include a link in the lesson text

will include a link in the lesson text for those who are interested in diving

for those who are interested in diving deeper and understanding all the

deeper and understanding all the information that is covered under these

information that is covered under these soa records a properly optimized and

soa records a properly optimized and updated soa record can reduce bandwidth

updated soa record can reduce bandwidth between name servers increase the speed

between name servers increase the speed of website access and ensure the site is

of website access and ensure the site is alive even when the primary dns server

alive even when the primary dns server is down and so that about covers

is down and so that about covers everything that i wanted to discuss when

everything that i wanted to discuss when it comes to resource records within dns

it comes to resource records within dns so you can now mark this lesson as

so you can now mark this lesson as complete

complete and let's move on to the next one

and let's move on to the next one [Music]

[Music] welcome back

welcome back in this lesson i'm going to be covering

in this lesson i'm going to be covering network address translation also known

network address translation also known as nat for short this is a common

as nat for short this is a common process

process used in home business and any cloud

used in home business and any cloud networks that you will encounter knowing

networks that you will encounter knowing and understanding that will help you

and understanding that will help you achieve why you would use it and what

achieve why you would use it and what makes it such a necessary process

makes it such a necessary process now there's quite a bit to cover here so

now there's quite a bit to cover here so with that being said let's dive in

with that being said let's dive in now at a high level nat is a way to map

now at a high level nat is a way to map multiple local private ip addresses to a

multiple local private ip addresses to a public ip address before transferring

public ip address before transferring the information this is done by altering

the information this is done by altering the network address data in the ip

the network address data in the ip header of the data packet while

header of the data packet while traveling through a network towards the

traveling through a network towards the destination

destination as packets pass through a nat device

as packets pass through a nat device either the source or destination ip

either the source or destination ip address is changed

address is changed then packets returning in the other

then packets returning in the other direction are translated back to the

direction are translated back to the original addresses

original addresses and this is a process that is typically

and this is a process that is typically used in most home routers that are

used in most home routers that are provided by your internet service

provided by your internet service provider now originally nat was designed

provider now originally nat was designed to deal with the scarcity of free ipv4

to deal with the scarcity of free ipv4 addresses increasing the number of

addresses increasing the number of computers that can operate off a single

computers that can operate off a single publicly routable ip address and so

publicly routable ip address and so because devices in the private ip space

because devices in the private ip space such as 192.168.0.0

cannot traverse the public internet that is needed for those devices to

that is needed for those devices to communicate with the public internet now

communicate with the public internet now ipv6 was designed to overcome the ipv4

ipv6 was designed to overcome the ipv4 shortage and has tons of available

shortage and has tons of available addresses and therefore there is no real

addresses and therefore there is no real need for nat when it comes to ipv6 now

need for nat when it comes to ipv6 now nat has an additional benefit of adding

nat has an additional benefit of adding a layer of security and privacy by

a layer of security and privacy by hiding the ip address of your devices

hiding the ip address of your devices from the outside world and only allowing

from the outside world and only allowing packets to be sent and received from the

packets to be sent and received from the originating private device and so this

originating private device and so this is a high level of what nat is now there

is a high level of what nat is now there are multiple types of not that i will be

are multiple types of not that i will be covering

covering which at a high level do the same thing

which at a high level do the same thing which is translate private i p addresses

which is translate private i p addresses to public ip addresses yet different

to public ip addresses yet different types of nat handles the process

types of nat handles the process differently so first we have static nat

differently so first we have static nat which maps a single private ip address

which maps a single private ip address to a public ip address

to a public ip address so a one-to-one mapping that gives the

so a one-to-one mapping that gives the device with the private ip address

device with the private ip address access to the public internet in both

access to the public internet in both directions

directions this is commonly used where one specific

this is commonly used where one specific device with a private address needs

device with a private address needs access to the public internet the next

access to the public internet the next type of nat is dynamic nan and this is

type of nat is dynamic nan and this is similar to static nat but doesn't hold

similar to static nat but doesn't hold the same static allocation a private ip

the same static allocation a private ip address space

address space is mapped to a pool of public ip

is mapped to a pool of public ip addresses and are allocated randomly as

addresses and are allocated randomly as needed when the ip address is no longer

needed when the ip address is no longer needed the ip address is returned back

needed the ip address is returned back to the pool ready to be used by another

to the pool ready to be used by another device

device this method is commonly used where

this method is commonly used where multiple internal hosts with private i p

multiple internal hosts with private i p addresses

addresses are sharing an equal or fewer amount of

are sharing an equal or fewer amount of public i p addresses

public i p addresses and is designed to be an efficient use

and is designed to be an efficient use of public ips and finally there is port

of public ips and finally there is port address translation or pat

address translation or pat where multiple private ip addresses are

where multiple private ip addresses are translated using a single public ip

translated using a single public ip address and a specific port

address and a specific port and this is probably what your home

and this is probably what your home router is using and will cover all the

router is using and will cover all the devices you use in your home network

devices you use in your home network this method uses ports to help

this method uses ports to help distinguish individual devices

distinguish individual devices and is also the method that is used for

and is also the method that is used for cloudnat in google cloud which i will be

cloudnat in google cloud which i will be covering in a later lesson and so i

covering in a later lesson and so i wanted to get into a bit more detail on

wanted to get into a bit more detail on how these methods work

how these methods work starting with static not

starting with static not now to set the stage for static not i'm

now to set the stage for static not i'm going to start off with a private

going to start off with a private network here on the left

network here on the left and the public ip space here on the

and the public ip space here on the right

right and the router or not device in the

and the router or not device in the middle in this example there is a server

middle in this example there is a server on the left that needs access to

on the left that needs access to external services and for this example

external services and for this example the external service we are using is the

the external service we are using is the bowtress service an image sharing site

bowtress service an image sharing site for all sorts of awesome bow ties

for all sorts of awesome bow ties so the server on the left is private

so the server on the left is private with a private ip address of 192.168.0.5

and this means it has an address in the ip version 4 private address space

ip version 4 private address space meaning that it cannot route packets

meaning that it cannot route packets over the public internet because it only

over the public internet because it only has a private ip

has a private ip the beautress service on the other hand

the beautress service on the other hand has a public ip address which is

has a public ip address which is 54.5.4.9

so the issue we run into is that the private address can't be routed over the

private address can't be routed over the public internet because it's private and

public internet because it's private and the public address of the beau trust

the public address of the beau trust service

service can't directly communicate with any

can't directly communicate with any private address because public and

private address because public and private addresses can communicate over

private addresses can communicate over the public internet what we need is to

the public internet what we need is to translate the private address that the

translate the private address that the server on the left has

server on the left has to a public ip that can communicate with

to a public ip that can communicate with the service on the right and vice versa

the service on the right and vice versa now then that device will map the

now then that device will map the private ip to public ip

private ip to public ip using and maintaining a nat table and in

using and maintaining a nat table and in this case of static nat the nat device

this case of static nat the nat device will have a one-to-one mapping of the

will have a one-to-one mapping of the private ip address to a public ip

private ip address to a public ip address and can be allocated to the

address and can be allocated to the device specified which in this case is

device specified which in this case is the server marked as 192.168.0.15

and so in order for the server on the left

left to communicate with the beautress

to communicate with the beautress service the server will generate a

service the server will generate a packet as normal with the source ip of

packet as normal with the source ip of the packet being the server's private ip

the packet being the server's private ip address and the destination ip of the

address and the destination ip of the packet being the ip of the bowtrust

packet being the ip of the bowtrust service now the router in the middle is

service now the router in the middle is the default gateway for any destination

the default gateway for any destination so any ip packets which are destined for

so any ip packets which are destined for anything but the local network are sent

anything but the local network are sent to the router so as you can see here

to the router so as you can see here with the entry in the table it will

with the entry in the table it will contain the private i p address of

contain the private i p address of 192.168.0.15

and mapped to the public address which in this case is 73.6.2.33

and these are statically mapped to one another and so as the packet passes

another and so as the packet passes through the nat device the source

through the nat device the source address of the packet is translated

address of the packet is translated from the private address to the mapped

from the private address to the mapped public address and this results in a new

public address and this results in a new packet so this new packet still has

packet so this new packet still has beautrest as the destination

beautrest as the destination but now it has a valid public ip address

but now it has a valid public ip address as the source

as the source and so this is the translation that

and so this is the translation that happens through nat now this process

happens through nat now this process works in a similar way in the other

works in a similar way in the other direction

direction so when the beautress service receives

so when the beautress service receives the packet it sees the source as this

the packet it sees the source as this public ip

public ip so when it responds with data its packet

so when it responds with data its packet has its ip address as the source

has its ip address as the source and the previous server's public ip

and the previous server's public ip address as the destination

address as the destination so it sends this packet back to this

so it sends this packet back to this public ip so when the packet arrives at

public ip so when the packet arrives at the nat device the table is checked

the nat device the table is checked it recognizes then that the ip is for

it recognizes then that the ip is for the server and so this time for incoming

the server and so this time for incoming traffic

traffic the destination ip address is updated to

the destination ip address is updated to the corresponding private ip address and

the corresponding private ip address and then the packet is forwarded through to

then the packet is forwarded through to the private server and this is how

the private server and this is how static nat works the source i p address

static nat works the source i p address is translated from the mapped private ip

is translated from the mapped private ip to public ip

to public ip and for incoming traffic the destination

and for incoming traffic the destination i p address is translated from the

i p address is translated from the allocated public ip to the corresponding

allocated public ip to the corresponding private ip all without having to

private ip all without having to configure a public ip

configure a public ip on any private device

on any private device as they always hold their private ip

as they always hold their private ip addresses

addresses now i wanted to supply an analogy for

now i wanted to supply an analogy for nat and so a very common analogy that is

nat and so a very common analogy that is used is that of a phone service so in

used is that of a phone service so in this example

this example laura is the new manager of bow tie inc

laura is the new manager of bow tie inc new location in montreal and has put in

new location in montreal and has put in a new public phone number of

a new public phone number of 514-555-8437

although as you can see here laura also has a private extension

has a private extension of one three three seven now if george

of one three three seven now if george called laura at that public phone number

called laura at that public phone number he would reach laura without ever

he would reach laura without ever knowing her private extension so the

knowing her private extension so the private extension acts as that private

private extension acts as that private ip address

ip address and the public phone number would act as

and the public phone number would act as the public ip address and this would be

the public ip address and this would be the telephone analogy for static nat and

the telephone analogy for static nat and so this is the end of part one of this

so this is the end of part one of this lesson it was getting a bit long so i

lesson it was getting a bit long so i decided to break it up this would be a

decided to break it up this would be a great opportunity for you to get up and

great opportunity for you to get up and have a stretch get yourself a coffee or

have a stretch get yourself a coffee or a tea and whenever you're ready you can

a tea and whenever you're ready you can join me in part two where we will be

join me in part two where we will be starting immediately from the end of

starting immediately from the end of part one so you can go ahead and

part one so you can go ahead and complete this video and i will see you

complete this video and i will see you in part two

in part two [Music]

[Music] welcome back this is part two of the

welcome back this is part two of the network address translation lesson and

network address translation lesson and we will be starting exactly where we

we will be starting exactly where we left off from part 1.

left off from part 1. so with that being said let's dive in

so with that being said let's dive in now moving on to dynamic nat

now moving on to dynamic nat this method is similar to static nat

this method is similar to static nat except that devices are not allocated a

except that devices are not allocated a permanent public ip

permanent public ip a public ip address is allocated from a

a public ip address is allocated from a pool of ip addresses

pool of ip addresses as they are needed and the mapping of

as they are needed and the mapping of public to private is allocation base in

public to private is allocation base in this example there are two devices on

this example there are two devices on the left and according to the nat table

the left and according to the nat table there are two public ip addresses

there are two public ip addresses available for use

available for use 73.6.2.33

so when the laptop on the left is looking to access the beautress service

looking to access the beautress service it will generate a packet where the

it will generate a packet where the source ip

source ip is the private address of 192.168.0.13

so it sends this packet and again the router in the middle is the default

router in the middle is the default gateway for anything that isn't local as

gateway for anything that isn't local as the packet passes through the router or

the packet passes through the router or the nat device

the nat device it checks if the private ip has a

it checks if the private ip has a current allocation of public addressing

current allocation of public addressing from the pool and if it doesn't and one

from the pool and if it doesn't and one is available it allocates one

is available it allocates one dynamically and in this case

dynamically and in this case 73.6.2.34

is allocated so the packet's source i p address

so the packet's source i p address is translated to this address

is translated to this address and the packets are sent to the

and the packets are sent to the beautress service and so this process is

beautress service and so this process is the same as static not thus far

the same as static not thus far but because dynamic nat allocates these

but because dynamic nat allocates these ip addresses dynamically multiple

ip addresses dynamically multiple private devices can share a single

private devices can share a single public ip

public ip as long as the devices are not using the

as long as the devices are not using the same public ip at the same time and so

same public ip at the same time and so once the device is finished

once the device is finished communication the ip is returned back to

communication the ip is returned back to the pool and is ready for use by another

the pool and is ready for use by another device now just as a note if there's no

device now just as a note if there's no public ip addresses available

public ip addresses available the router rejects any new connections

the router rejects any new connections until you clear the nat mappings

until you clear the nat mappings but if you have as many public ip

but if you have as many public ip addresses as hosts in your network

addresses as hosts in your network you won't encounter this problem and so

you won't encounter this problem and so in this case since the lower server is

in this case since the lower server is looking to access the fashion tube

looking to access the fashion tube service

service there is an available public ip address

there is an available public ip address in the pool

in the pool of 73.6.2.33

thus giving it access to the public internet and access to fashion tube so

internet and access to fashion tube so in summary the nat device maps a private

in summary the nat device maps a private ip with the public ip in a nat table and

ip with the public ip in a nat table and public ips are allocated randomly and

public ips are allocated randomly and dynamically from a pool now this type of

dynamically from a pool now this type of knot is used where multiple internal

knot is used where multiple internal hosts with private ip addresses

hosts with private ip addresses are sharing an equal or fewer amount of

are sharing an equal or fewer amount of public ip addresses when all of those

public ip addresses when all of those private devices at some time will need

private devices at some time will need public access

public access now an example of dynamic nat using the

now an example of dynamic nat using the telephone analogy

telephone analogy would be if laura and two other bow tie

would be if laura and two other bow tie inc employees

inc employees lisa and jane

lisa and jane had private phone numbers

had private phone numbers and this would represent your private

and this would represent your private ips

ips in this example bowtie inc has three

in this example bowtie inc has three public phone numbers

public phone numbers now when any employee makes an outbound

now when any employee makes an outbound call they are routed to whichever public

call they are routed to whichever public line is open at the time so the caller

line is open at the time so the caller id on the receiver's end

id on the receiver's end would show any one of the three public

would show any one of the three public phone numbers depending on which one was

phone numbers depending on which one was given to the caller and this would

given to the caller and this would represent the public ips in the public

represent the public ips in the public ip pool

ip pool now the last type of nat which i wanted

now the last type of nat which i wanted to talk about is the one which you're

to talk about is the one which you're probably most familiar with and this is

probably most familiar with and this is port address translation which is also

port address translation which is also known as not overload and this is the

known as not overload and this is the type of not you likely use on your home

type of not you likely use on your home network port address translation is what

network port address translation is what allows a large number of private devices

allows a large number of private devices to share one public ip address

to share one public ip address giving it a many to one mapping

giving it a many to one mapping architecture now in this example we'll

architecture now in this example we'll be using three private devices on the

be using three private devices on the left

left all wanting to access fashiontube on the

all wanting to access fashiontube on the right

right a popular video sharing website of the

a popular video sharing website of the latest men's fashions

latest men's fashions shared by millions across the globe

shared by millions across the globe and this site has a public ip of

and this site has a public ip of 62.88.44.88

and accessed using tcp port 443 now the way that port address translation or pat

way that port address translation or pat works

works is to use both the ip addresses and

is to use both the ip addresses and ports

ports to allow for multiple devices to share

to allow for multiple devices to share the same public ip every tcp connection

the same public ip every tcp connection in addition to a source and destination

in addition to a source and destination ip address

ip address has a source and destination port the

has a source and destination port the source port is randomly assigned by the

source port is randomly assigned by the client so as long as the source port is

client so as long as the source port is always unique then many private clients

always unique then many private clients can use the same public ip address and

can use the same public ip address and all this information is recorded in the

all this information is recorded in the nat table on the nat device

nat table on the nat device in this example let's assume that the

in this example let's assume that the public ip address of this nat device is

public ip address of this nat device is 73.6.2.33

so when the laptop in the top left generates a packet and the packet is

generates a packet and the packet is going to fashion tube its destination ip

going to fashion tube its destination ip address is 62.80

and its destination port is 443. now the source ip of this packet is the laptop's

source ip of this packet is the laptop's private ip address of 192.168.6

and the source port is 35535 which is a randomly assigned ephemeral

which is a randomly assigned ephemeral port so the packet is routed through the

port so the packet is routed through the nat device

nat device and in transit the nat device records

and in transit the nat device records the source ip and the original source

the source ip and the original source private port

private port and it allocates a new public ip address

and it allocates a new public ip address and a new public source port which in

and a new public source port which in this case is 8844

this case is 8844 it records this information inside the

it records this information inside the not table as shown here and it adjusts

not table as shown here and it adjusts the pocket so that its source ip address

the pocket so that its source ip address is the public ip address that the nat

is the public ip address that the nat device is using and the source port is

device is using and the source port is this newly allocated source port and

this newly allocated source port and this newly adjusted packet is forwarded

this newly adjusted packet is forwarded on to fashiontube now the process is

on to fashiontube now the process is very similar with the return traffic

very similar with the return traffic where the packet will verify the

where the packet will verify the recorded ips and ports

recorded ips and ports in the nat table before forwarding the

in the nat table before forwarding the packet back to the originating source

packet back to the originating source now if the middle laptop with the ip of

now if the middle laptop with the ip of 192.168.0.14

did the same thing then the same process would be followed all of this

would be followed all of this information would be recorded in the nat

information would be recorded in the nat table a new public source port would be

table a new public source port would be allocated and would translate the packet

allocated and would translate the packet adjusting the packet's source ip address

adjusting the packet's source ip address and source port as well the same process

and source port as well the same process would happen for the laptop on the

would happen for the laptop on the bottom generating a packet with the

bottom generating a packet with the source and destination ip with the

source and destination ip with the addition of the source and destination

addition of the source and destination ports and when routed through the nat

ports and when routed through the nat device goes through its translation

device goes through its translation recording the information in the nat

recording the information in the nat table and reaching its destination again

table and reaching its destination again return traffic will be verified by the

return traffic will be verified by the recorded ips and ports in the nat table

recorded ips and ports in the nat table before forwarding the packet back to its

before forwarding the packet back to its originating source and so just as a

originating source and so just as a summary when it comes to port address

summary when it comes to port address translation the nat device records the

translation the nat device records the source ip and source port in a nat table

source ip and source port in a nat table the source ip is then replaced with a

the source ip is then replaced with a public ip and public source port

public ip and public source port and are allocated from a pool that

and are allocated from a pool that allows overloading and this is a

allows overloading and this is a many-to-one architecture

many-to-one architecture and so for the telephone analogy for pat

and so for the telephone analogy for pat let's use a phone operator example so in

let's use a phone operator example so in this instance george is trying to call

this instance george is trying to call laura now george only knows lark laura's

laura now george only knows lark laura's executive admin and only has lark's

executive admin and only has lark's phone number george does not have

phone number george does not have laura's private line lark's public phone

laura's private line lark's public phone number is the equivalent to having a

number is the equivalent to having a public ip address george calls lark who

public ip address george calls lark who then connects george to laura the caveat

then connects george to laura the caveat here is that lark never gives out

here is that lark never gives out laura's phone number in fact laura

laura's phone number in fact laura doesn't have a public phone number and

doesn't have a public phone number and can only be called by lark and here's

can only be called by lark and here's where nat can add an extra layer of

where nat can add an extra layer of security by only allowing needed ports

security by only allowing needed ports to be accessed without allowing anyone

to be accessed without allowing anyone to connect to any port now i hope this

to connect to any port now i hope this has helped you understand the process of

has helped you understand the process of network address translation

network address translation how the translation happens

how the translation happens and the process of using a nat table to

and the process of using a nat table to achieve packet translation

achieve packet translation along with its destination this is so

along with its destination this is so common in most environments that you

common in most environments that you will encounter and it's very important

will encounter and it's very important to fully understand the different types

to fully understand the different types of not

of not and how it can be used in these types of

and how it can be used in these types of environments and so that's pretty much

environments and so that's pretty much all i wanted to cover

all i wanted to cover on this lesson of network address

on this lesson of network address translation so you can now mark this

translation so you can now mark this lesson as complete

lesson as complete and let's move on to the next one

and let's move on to the next one [Music]

[Music] welcome back so now that we've covered

welcome back so now that we've covered the fundamentals of dns along with the

the fundamentals of dns along with the different record types i wanted to focus

different record types i wanted to focus in on google cloud's dns service called

in on google cloud's dns service called cloud dns now cloud dns is a fully

cloud dns now cloud dns is a fully managed service that manages dns servers

managed service that manages dns servers for your specific zones and since cloud

for your specific zones and since cloud dns shows up on the exam only on a high

dns shows up on the exam only on a high level i will be giving an overview of

level i will be giving an overview of what this service can do so with that

what this service can do so with that being said let's dive in now cloud dns

being said let's dive in now cloud dns acts as an authoritative dns server for

acts as an authoritative dns server for public zones that are visible to the

public zones that are visible to the internet or for private zones that are

internet or for private zones that are visible only within your network and is

visible only within your network and is commonly referred to as google's dns as

commonly referred to as google's dns as a service cloud dns has servers that

a service cloud dns has servers that span the globe making it a globally

span the globe making it a globally resilient service now while it is a

resilient service now while it is a global service there is no way to select

global service there is no way to select specific regions to deploy your zones

specific regions to deploy your zones and dns server policies you simply add

and dns server policies you simply add your zones records and policies and it

your zones records and policies and it is distributed amongst google's dns

is distributed amongst google's dns servers across the globe cloud dns is

servers across the globe cloud dns is also one of the few google cloud

also one of the few google cloud services that offers 100

services that offers 100 availability along with low latency

availability along with low latency access

access by leveraging google's massive global

by leveraging google's massive global network backbone now in order to use

network backbone now in order to use cloud dns with a specific publicly

cloud dns with a specific publicly available domain a domain name must be

available domain a domain name must be purchased through a domain name

purchased through a domain name registrar and you can register a domain

registrar and you can register a domain name through google domains or another

name through google domains or another domain registrar of your choice cloud

domain registrar of your choice cloud dns does not provide this service and

dns does not provide this service and just as a note that to create private

just as a note that to create private zones the purchasing of a domain name is

zones the purchasing of a domain name is not necessary now as stated earlier

not necessary now as stated earlier cloud dns offers the flexibility of

cloud dns offers the flexibility of hosting both public zones and privately

hosting both public zones and privately managed dns zones now public zones are

managed dns zones now public zones are zones that are visible to the public

zones that are visible to the public internet and so when cloud dns is

internet and so when cloud dns is managing your public domain it has

managing your public domain it has public authoritative name servers that

public authoritative name servers that respond to public zone dns queries for

respond to public zone dns queries for your specific domain now when it comes

your specific domain now when it comes to private zones these enable you to

to private zones these enable you to manage custom domain names

manage custom domain names for your google cloud resources without

for your google cloud resources without exposing any dns data to the public

exposing any dns data to the public internet a private zone can only be

internet a private zone can only be queried by resources in the same project

queried by resources in the same project where it is defined and as we discussed

where it is defined and as we discussed earlier a zone is a container of dns

earlier a zone is a container of dns records that are queried by dns so from

records that are queried by dns so from a private zone perspective these can

a private zone perspective these can only be queried by one or more vpc

only be queried by one or more vpc networks that you authorize to do so and

networks that you authorize to do so and just as a note the vpc networks that you

just as a note the vpc networks that you authorize must be located in the same

authorize must be located in the same project as the private zone to query

project as the private zone to query records hosted in manage private zones

records hosted in manage private zones in other projects the use of dns peering

in other projects the use of dns peering is needed now i don't want to get too

is needed now i don't want to get too deep into dns peering

deep into dns peering but just know that vpc network peering

but just know that vpc network peering is not required for the cloud dns

is not required for the cloud dns peering zone to operate peering zones do

peering zone to operate peering zones do not depend on vpc network peering now

not depend on vpc network peering now each managed zone that you create is

each managed zone that you create is associated with a google cloud project

associated with a google cloud project and once this zone is created it is

and once this zone is created it is hosted by google's managed name servers

hosted by google's managed name servers now these zones are always hosted on

now these zones are always hosted on google's manage name servers within

google's manage name servers within google cloud so you would create records

google cloud so you would create records and record sets and these servers would

and record sets and these servers would then become allocated to that specific

then become allocated to that specific zone hosting your records and record

zone hosting your records and record sets and just as a quick reminder a

sets and just as a quick reminder a record set is the collection of dns

record set is the collection of dns records in a zone that have the same

records in a zone that have the same name and are of the same type most

name and are of the same type most records contain a single record but it's

records contain a single record but it's not uncommon to see record sets a great

not uncommon to see record sets a great example of this are a records or ns

example of this are a records or ns records which we discussed earlier and

records which we discussed earlier and these records can usually be found in

these records can usually be found in pairs

pairs and so now to give you a practical

and so now to give you a practical example of cloud dns i wanted to bring

example of cloud dns i wanted to bring the theory into practice through a short

the theory into practice through a short demo where i'll be creating a managed

demo where i'll be creating a managed private zone so whenever you're ready

private zone so whenever you're ready join me in the console and so here we

join me in the console and so here we are back in the console and i'm logged

are back in the console and i'm logged in as tonybowties gmail.com and i'm

in as tonybowties gmail.com and i'm currently in project bowtie inc so now

currently in project bowtie inc so now to get to cloud dns i'm going to go over

to get to cloud dns i'm going to go over to the navigation menu i'm going to

to the navigation menu i'm going to scroll down to network services and go

scroll down to network services and go over to cloud dns

over to cloud dns and because i currently don't have any

and because i currently don't have any zones

zones i'm prompted with only one option which

i'm prompted with only one option which is to create a zone and so i'm going to

is to create a zone and so i'm going to go ahead and create a zone and so here

go ahead and create a zone and so here i've been prompted with a bunch of

i've been prompted with a bunch of different options in order to create my

different options in order to create my dns zone and so the first option that i

dns zone and so the first option that i have is zone type and because i'm

have is zone type and because i'm creating a private zone i'm going to

creating a private zone i'm going to simply click on private and i need to

simply click on private and i need to provide a zone name which i'm going to

provide a zone name which i'm going to call tony bowtie next i'm going to have

call tony bowtie next i'm going to have to provide a dns name which i will call

to provide a dns name which i will call tony bowtie dot private and under the

tony bowtie dot private and under the description i'm just going to type in

description i'm just going to type in private zone for tony bowtie and so the

private zone for tony bowtie and so the next field i've been given is the

next field i've been given is the options field where it is currently

options field where it is currently marked as default private and so if i go

marked as default private and so if i go over here to the right hand side and

over here to the right hand side and open up the drop down menu i'm given the

open up the drop down menu i'm given the options to forward queries to another

options to forward queries to another server dns peering manage reverse lookup

server dns peering manage reverse lookup zones and use a service directory

zones and use a service directory namespace and so depending on your type

namespace and so depending on your type of scenario one of these five options in

of scenario one of these five options in most cases will suffice so i'm going to

most cases will suffice so i'm going to keep it under default private and under

keep it under default private and under networks it says your private zone will

networks it says your private zone will be visible to the selected networks

be visible to the selected networks and so i'm going to click on the drop

and so i'm going to click on the drop down and i'm giving only the option of

down and i'm giving only the option of the default network because it's the

the default network because it's the only network that i have and so i'm

only network that i have and so i'm going to select it

going to select it and i'm going to click on the white

and i'm going to click on the white space and if i feel so inclined i can

space and if i feel so inclined i can simply click on the shortcut for the

simply click on the shortcut for the command line and here i'm given this

command line and here i'm given this specific commands if i was to use the

specific commands if i was to use the command line in order to create this dns

command line in order to create this dns zone so i'm going to click on close here

zone so i'm going to click on close here and i'm going to click on create and as

and i'm going to click on create and as you can see here my zone has been

you can see here my zone has been created along with a couple of dns

created along with a couple of dns records the first one being my name

records the first one being my name server records as well as my start of

server records as well as my start of authority records and so as a note to

authority records and so as a note to know for the exam when creating a zone

know for the exam when creating a zone these two records will always be created

these two records will always be created both the soa record and the ns record

both the soa record and the ns record and moving on to some other options here

and moving on to some other options here i can add another record set if i choose

i can add another record set if i choose to again the dns name the record type

to again the dns name the record type which i have a whole slew of record

which i have a whole slew of record types to choose from it's ttl and the ip

types to choose from it's ttl and the ip address but i'm not going to add any

address but i'm not going to add any records so i'm just going to cancel and

records so i'm just going to cancel and by clicking in use by i can view which

by clicking in use by i can view which vpc network is using this zone and as

vpc network is using this zone and as expected the default network shows up

expected the default network shows up and i also have the choice of adding

and i also have the choice of adding another network but since i don't have

another network but since i don't have any other networks i can't add anything

any other networks i can't add anything so i'm going to simply cancel i also

so i'm going to simply cancel i also have the option of removing any networks

have the option of removing any networks so if i click on this i can remove the

so if i click on this i can remove the network or i can also remove the network

network or i can also remove the network by clicking on the hamburger menu and so

by clicking on the hamburger menu and so as you can see i have a slew of options

as you can see i have a slew of options to choose from when creating zones and

to choose from when creating zones and record sets and so that about covers

record sets and so that about covers everything that i wanted to show you

everything that i wanted to show you here in cloud dns

here in cloud dns but before i go i'm going to go ahead

but before i go i'm going to go ahead and clean up and i'm just going to click

and clean up and i'm just going to click on the garbage can here on the right

on the garbage can here on the right hand side of the zone and i'm going to

hand side of the zone and i'm going to be prompted if i want to delete the zone

be prompted if i want to delete the zone yes i do so i'm going to click on delete

yes i do so i'm going to click on delete and so that pretty much covers

and so that pretty much covers everything that i wanted to show you

everything that i wanted to show you with regards to cloud dns so you can now

with regards to cloud dns so you can now mark this lesson as complete and let's

mark this lesson as complete and let's move on to the next one

welcome back now before we step into the compute engine section of the course

compute engine section of the course i wanted to cover a basic foundation of

i wanted to cover a basic foundation of what makes these vms possible

what makes these vms possible and this is where a basic understanding

and this is where a basic understanding of virtualization comes into play now

of virtualization comes into play now this is merely an introductory lesson to

this is merely an introductory lesson to virtualization and i won't be getting

virtualization and i won't be getting too deep into the underpinnings it

too deep into the underpinnings it serves as just a basic foundation as to

serves as just a basic foundation as to how compute engine gets its features

how compute engine gets its features under the hood and how they are possible

under the hood and how they are possible through the use of virtualization for

through the use of virtualization for more in-depth understanding on

more in-depth understanding on virtualization i will be including some

virtualization i will be including some links in the lesson text for those who

links in the lesson text for those who are looking to learn more but for now

are looking to learn more but for now this will provide just enough theory to

this will provide just enough theory to help you understand how compute engine

help you understand how compute engine works

works so with that being said let's dive in so

so with that being said let's dive in so what exactly is virtualization well

what exactly is virtualization well virtualization is the process of running

virtualization is the process of running multiple operating systems on a server

multiple operating systems on a server simultaneously now before virtualization

simultaneously now before virtualization became popular a standard model was used

became popular a standard model was used where an operating system would be

where an operating system would be installed on a server

installed on a server so the server would consist of typical

so the server would consist of typical hardware like cpu

hardware like cpu memory network cards and other devices

memory network cards and other devices such as video cards usb devices and

such as video cards usb devices and storage and then the operating system

storage and then the operating system would run on top of the hardware now

would run on top of the hardware now there is a middle layer of the operating

there is a middle layer of the operating system a supervisor if you will that is

system a supervisor if you will that is responsible for interacting with

responsible for interacting with underlying hardware and this is known as

underlying hardware and this is known as the kernel the kernel manages the

the kernel the kernel manages the distribution of the hardware resources

distribution of the hardware resources of the computer efficiently and fairly

of the computer efficiently and fairly among all the various processes running

among all the various processes running on the computer now the kernel operates

on the computer now the kernel operates under what is called kernel mode or

under what is called kernel mode or privilege mode as it runs privileged

privilege mode as it runs privileged instructions that interacts with the

instructions that interacts with the hardware directly now the operating

hardware directly now the operating system allows other software to run on

system allows other software to run on top of it like an application

top of it like an application but cannot interact directly with the

but cannot interact directly with the hardware it must interact with the

hardware it must interact with the operating system in user mode or

operating system in user mode or non-privileged mode so when lark decides

non-privileged mode so when lark decides to do something on an application that

to do something on an application that needs to use the system hardware that

needs to use the system hardware that application needs to go through the

application needs to go through the operating system it needs to make what's

operating system it needs to make what's known as a system call and this is the

known as a system call and this is the model of running one operating system on

model of running one operating system on a single server now when passed servers

a single server now when passed servers would traditionally run one application

would traditionally run one application on one server with one operating system

on one server with one operating system in the old system the number of servers

in the old system the number of servers would continue to mount

would continue to mount since every new application required its

since every new application required its own server and its own operating system

own server and its own operating system as a result expensive hardware resources

as a result expensive hardware resources were purchased but not used and each

were purchased but not used and each server would use approximately under 20

server would use approximately under 20 of its resources on average server

of its resources on average server resources were then known as

resources were then known as underutilized now there came a time when

underutilized now there came a time when multiple operating systems were

multiple operating systems were installed on one computer

installed on one computer isolated from each other with each

isolated from each other with each operating system running their own

operating system running their own applications this was a perfect model to

applications this was a perfect model to consolidate hardware and keep

consolidate hardware and keep utilization high but there is a major

utilization high but there is a major issue that arose each cpu at this given

issue that arose each cpu at this given moment in time could only have one thing

moment in time could only have one thing running as privileged so having multiple

running as privileged so having multiple operating systems running on their own

operating systems running on their own in an unmodified state

in an unmodified state and expecting to be running on their own

and expecting to be running on their own in a privileged state running privileged

in a privileged state running privileged instructions

instructions was causing instability in systems

was causing instability in systems causing not just application crashes but

causing not just application crashes but system crashes now a hypervisor is what

system crashes now a hypervisor is what solved this problem it is a small

solved this problem it is a small software layer that enables multiple

software layer that enables multiple operating systems to run alongside each

operating systems to run alongside each other

other sharing the same physical computing

sharing the same physical computing resources these operating systems come

resources these operating systems come as virtual machines or vms and these are

as virtual machines or vms and these are files that mimic an entire computing

files that mimic an entire computing hardware environment in software the

hardware environment in software the hypervisor also known as a virtual

hypervisor also known as a virtual machine monitor or vmm

machine monitor or vmm manages these vms as they run alongside

manages these vms as they run alongside each other it separates virtual machines

each other it separates virtual machines from each other logically assigning each

from each other logically assigning each its own slice of the underlying

its own slice of the underlying computing cpu memory and other devices

computing cpu memory and other devices like graphics network and storage this

like graphics network and storage this prevents the vms from interfering with

prevents the vms from interfering with each other so if for example one

each other so if for example one operating system suffers a crash or a

operating system suffers a crash or a security compromise the others will

security compromise the others will survive and continue running now the

survive and continue running now the hypervisor was never as efficient as how

hypervisor was never as efficient as how you see it here it went through some

you see it here it went through some major iterations that gave its structure

major iterations that gave its structure as we know it today initially

as we know it today initially virtualization had to be done in

virtualization had to be done in software or what we now refer to as the

software or what we now refer to as the host machine

host machine and the operating system with its

and the operating system with its applications put in logical containers

applications put in logical containers known as virtual machines or guests the

known as virtual machines or guests the operating system would be installed on

operating system would be installed on the host which included additional

the host which included additional capabilities called a hypervisor and

capabilities called a hypervisor and allowed it to make the necessary

allowed it to make the necessary privileged calls to the hardware

privileged calls to the hardware having full access to the host the

having full access to the host the hypervisor exposed the interface of the

hypervisor exposed the interface of the hardware device that is available on the

hardware device that is available on the host

host and allowed it to be mapped to the

and allowed it to be mapped to the virtual machine and emulated the

virtual machine and emulated the behavior of this device and this allowed

behavior of this device and this allowed the virtual machine using the operating

the virtual machine using the operating system drivers that were designed to

system drivers that were designed to interact with the emulated device

interact with the emulated device without installing any special drivers

without installing any special drivers or tools

or tools as well as keeping the operating system

as well as keeping the operating system unmodified the problem here is that it

unmodified the problem here is that it was all emulated and so every time the

was all emulated and so every time the virtual machines made calls back to the

virtual machines made calls back to the host each instruction needed to be

host each instruction needed to be translated by the hypervisor

translated by the hypervisor using what's called a binary translation

using what's called a binary translation now without this translation the

now without this translation the emulation wouldn't work and would cause

emulation wouldn't work and would cause system crashes bringing down all virtual

system crashes bringing down all virtual machines in the process now the problem

machines in the process now the problem with this process is that it made the

with this process is that it made the system painfully slow and it was this

system painfully slow and it was this performance penalty that caused this

performance penalty that caused this process to not be so widely adopted but

process to not be so widely adopted but then another type of virtualization came

then another type of virtualization came on the scene called para virtualization

on the scene called para virtualization now in this model a modified guest

now in this model a modified guest operating system is able to speak

operating system is able to speak directly to the hypervisor and this

directly to the hypervisor and this involves having the operating system

involves having the operating system kernel to be modified and recompiled

kernel to be modified and recompiled before installation onto the virtual

before installation onto the virtual machine this would allow the operating

machine this would allow the operating system to talk directly with the

system to talk directly with the hypervisor without any performance hits

hypervisor without any performance hits as there is no translation going on like

as there is no translation going on like an emulation para virtualization

an emulation para virtualization replaces instructions that cannot be

replaces instructions that cannot be virtualized with hyper calls that

virtualized with hyper calls that communicate directly with the hypervisor

communicate directly with the hypervisor so a hypercall is based on the same

so a hypercall is based on the same concept as a system call privileged

concept as a system call privileged instructions

instructions that accept instead of calling the

that accept instead of calling the kernel directly it calls the hypervisor

kernel directly it calls the hypervisor and due to the modification in this

and due to the modification in this guest operating system performance is

guest operating system performance is enhanced as the modified guest operating

enhanced as the modified guest operating system communicates directly with the

system communicates directly with the hypervisor and emulation overhead is

hypervisor and emulation overhead is removed the guest operating system

removed the guest operating system becomes almost virtualization aware yet

becomes almost virtualization aware yet there is still a process whereby

there is still a process whereby software was used to speak to the

software was used to speak to the hardware the virtual machines could

hardware the virtual machines could still not access the hardware directly

still not access the hardware directly although

although things changed in the world of

things changed in the world of virtualization when the physical

virtualization when the physical hardware on the host became

hardware on the host became virtualization aware and this is where

virtualization aware and this is where hardware assisted virtualization came

hardware assisted virtualization came into play now hardware assisted

into play now hardware assisted virtualization is an approach that

virtualization is an approach that enables efficient

enables efficient full virtualization using help from

full virtualization using help from hardware capabilities

hardware capabilities on the host cpu using this model the

on the host cpu using this model the operating system has direct access to

operating system has direct access to resources without any hypervisor

resources without any hypervisor emulation or operating system

emulation or operating system modification the hardware itself becomes

modification the hardware itself becomes virtualization aware the cpu contains

virtualization aware the cpu contains specific instructions and capabilities

specific instructions and capabilities so that the hypervisor can directly

so that the hypervisor can directly control and configure this support it

control and configure this support it also provides improved performance

also provides improved performance because the privileged instructions from

because the privileged instructions from the virtual machines are now trapped and

the virtual machines are now trapped and emulated in the hardware directly this

emulated in the hardware directly this means that the operating system kernels

means that the operating system kernels no longer need to be modified and

no longer need to be modified and recompiled like in para virtualization

recompiled like in para virtualization and can run as is at the same time the

and can run as is at the same time the hypervisor also does not need to be

hypervisor also does not need to be involved in the extremely slow process

involved in the extremely slow process of binary translation now there is one

of binary translation now there is one more iteration that i wanted to discuss

more iteration that i wanted to discuss when it comes to virtualization and that

when it comes to virtualization and that is kernel level virtualization

is kernel level virtualization now instead of using a hypervisor

now instead of using a hypervisor kernel level virtualization runs a

kernel level virtualization runs a separate version of the linux kernel and

separate version of the linux kernel and sees the associated virtual machine as a

sees the associated virtual machine as a user space process on the physical host

user space process on the physical host this makes it easy to run multiple

this makes it easy to run multiple virtual machines on a single host a

virtual machines on a single host a device driver is used for communication

device driver is used for communication between the main linux kernel and the

between the main linux kernel and the virtual machine every vm is implemented

virtual machine every vm is implemented as a regular linux process

as a regular linux process scheduled by the standard linux

scheduled by the standard linux scheduler

scheduler with dedicated virtual hardware like a

with dedicated virtual hardware like a network card

network card graphics adapter

graphics adapter cpu memory and disk hardware support by

cpu memory and disk hardware support by the cpu is required for virtualization a

the cpu is required for virtualization a slightly modified emulation process is

slightly modified emulation process is used as the display and execution

used as the display and execution containers for the virtual machines in

containers for the virtual machines in many ways kernel level virtualization is

many ways kernel level virtualization is a specialized form of server

a specialized form of server virtualization and this is the type of

virtualization and this is the type of virtualization platform that is used in

virtualization platform that is used in all of google cloud now with this type

all of google cloud now with this type of virtualization because of the kernel

of virtualization because of the kernel acting as the hypervisor it enables a

acting as the hypervisor it enables a specific feature called nested

specific feature called nested virtualization now with nested

virtualization now with nested virtualization it is made possible to

virtualization it is made possible to install a hypervisor on top of the

install a hypervisor on top of the already running virtual machine

already running virtual machine and so this is what google cloud has

and so this is what google cloud has done now you're probably wondering after

done now you're probably wondering after going through all the complexities

going through all the complexities involved with previous virtualization

involved with previous virtualization models

models what makes this scenario worthwhile well

what makes this scenario worthwhile well using nested virtualization it makes it

using nested virtualization it makes it easier for users to move their

easier for users to move their on-premises

on-premises virtualized workloads to the cloud

virtualized workloads to the cloud without having to import and convert vm

without having to import and convert vm images so in essence

images so in essence it eases the use when migrating to cloud

it eases the use when migrating to cloud a great use case for many but wouldn't

a great use case for many but wouldn't be possible on google cloud without the

be possible on google cloud without the benefit of running kernel level

benefit of running kernel level virtualization now this is an advanced

virtualization now this is an advanced concept that does not show up on the

concept that does not show up on the exam but i wanted you to understand

exam but i wanted you to understand virtualization at a high level

virtualization at a high level so that you can understand nested

so that you can understand nested virtualization within google cloud

virtualization within google cloud as it is a part of the feature set of

as it is a part of the feature set of compute engine and so that's pretty much

compute engine and so that's pretty much all i wanted to cover when it comes to

all i wanted to cover when it comes to virtualization

virtualization so you can now mark this lesson as

so you can now mark this lesson as complete and let's move on to the next

complete and let's move on to the next one

one [Music]

[Music] welcome back now earlier on in the

welcome back now earlier on in the course i discussed compute engine at a

course i discussed compute engine at a high level to understand what it is and

high level to understand what it is and what it does the goal for this section

what it does the goal for this section is to dive deeper into compute engine as

is to dive deeper into compute engine as it comes up heavily on the exam and so i

it comes up heavily on the exam and so i want to make sure i expose all the

want to make sure i expose all the nuances

nuances as well it is the go-to service offering

as well it is the go-to service offering from google cloud when looking to solve

from google cloud when looking to solve any general computing needs with this

any general computing needs with this lesson specifically i will be going into

lesson specifically i will be going into what makes up an instance and the

what makes up an instance and the different options that are available

different options that are available when creating the instance so with that

when creating the instance so with that being said let's dive in

being said let's dive in now compute engine lets you create and

now compute engine lets you create and run virtual machines known as instances

run virtual machines known as instances and host them on google's infrastructure

and host them on google's infrastructure compute engine is google's

compute engine is google's infrastructure as a service virtual

infrastructure as a service virtual machine offering so it being an is

machine offering so it being an is service google takes care of the

service google takes care of the virtualization platform the physical

virtualization platform the physical servers the network and storage along

servers the network and storage along with managing the data center and these

with managing the data center and these instances are available in different

instances are available in different sizes depending on how much cpu and

sizes depending on how much cpu and memory you might need as well compute

memory you might need as well compute engine offers different family types for

engine offers different family types for the type of workload you need it for

the type of workload you need it for each instance is charged by the second

each instance is charged by the second after the first minute as this is a

after the first minute as this is a consumption based model and as well

consumption based model and as well these instances are launched in a vpc

these instances are launched in a vpc network in a specific zone and these

network in a specific zone and these instances will actually sit on hosts in

instances will actually sit on hosts in these zones and you will be given the

these zones and you will be given the option of using a multi-tenant host

option of using a multi-tenant host where the server that is hosting your

where the server that is hosting your machine is shared with others

machine is shared with others but please note that each instance is

but please note that each instance is completely isolated from the other so no

completely isolated from the other so no one can see each other's instances

one can see each other's instances now you're also given the option of

now you're also given the option of running your instance on a sole tenant

running your instance on a sole tenant node whereby your instance is on its own

node whereby your instance is on its own dedicated hosts that is reserved just

dedicated hosts that is reserved just for you and you alone you don't share it

for you and you alone you don't share it with anyone else and this is strictly

with anyone else and this is strictly for you only now although this option

for you only now although this option may sound really great it does come at a

may sound really great it does come at a steep cost

steep cost so only if your use case requires you to

so only if your use case requires you to use a sole tenant node for security or

use a sole tenant node for security or compliance purposes i recommend that you

compliance purposes i recommend that you stick with a multi-tenant host when

stick with a multi-tenant host when launching your instances and this is

launching your instances and this is usually the most common selection for

usually the most common selection for most

most now compute engine instances can be

now compute engine instances can be configured in many different ways and

configured in many different ways and allow you the flexibility to fulfill the

allow you the flexibility to fulfill the requests for your specific scenario and

requests for your specific scenario and as you can see here there are four

as you can see here there are four different base options when it comes to

different base options when it comes to configuration of the instance that you

configuration of the instance that you are preparing to launch and so i wanted

are preparing to launch and so i wanted to take time to go through them in just

to take time to go through them in just a bit of detail for context starting

a bit of detail for context starting first with the machine type which covers

first with the machine type which covers vcpu and memory now there are many

vcpu and memory now there are many different predefined machine types that

different predefined machine types that i will be covering in great depth in a

i will be covering in great depth in a different lesson but for now just know

different lesson but for now just know that they are available in different

that they are available in different families depending on your needs and can

families depending on your needs and can be chosen from the general

be chosen from the general compute optimize and memory optimize

compute optimize and memory optimize machine types they are available in

machine types they are available in intel or amd flavors and if the

intel or amd flavors and if the pre-defined options doesn't fit your

pre-defined options doesn't fit your need you have the option of creating a

need you have the option of creating a custom machine that will suit your

custom machine that will suit your specific workload now when creating a vm

specific workload now when creating a vm instance on compute engine each virtual

instance on compute engine each virtual cpu or vcpu is implemented as a single

cpu or vcpu is implemented as a single hardware hyper thread on one of the

hardware hyper thread on one of the available cpu processors that live on

available cpu processors that live on the host now when choosing the amount of

the host now when choosing the amount of vcpus on an instance

vcpus on an instance you must take into consideration the

you must take into consideration the desired network throughput as the amount

desired network throughput as the amount of vcpus will determine this throughput

of vcpus will determine this throughput as the bandwidth is determined per vm

as the bandwidth is determined per vm instance not per network interface or

instance not per network interface or per ip address and so the network

per ip address and so the network throughput is determined by calculating

throughput is determined by calculating 2 gigabits per second for every vcpu on

2 gigabits per second for every vcpu on your instance so if you're looking for

your instance so if you're looking for greater network throughput then you may

greater network throughput then you may want to select an instance with more

want to select an instance with more vcpus and so once you've determined a

vcpus and so once you've determined a machine type for your compute engine

machine type for your compute engine instance you will need to provide it an

instance you will need to provide it an image with an operating system to boot

image with an operating system to boot up with now when creating your vm

up with now when creating your vm instances you must use an operating

instances you must use an operating system image to create boot disks for

system image to create boot disks for your instances now compute engine offers

your instances now compute engine offers many pre-configured public images that

many pre-configured public images that have compatible linux or windows

have compatible linux or windows operating systems and these operating

operating systems and these operating system images can be used to create and

system images can be used to create and start instances compute engine uses your

start instances compute engine uses your selected image to create a persistent

selected image to create a persistent boot disk for each instance by default

boot disk for each instance by default the boot disk for your instance is the

the boot disk for your instance is the same size as the image that you selected

same size as the image that you selected and you can use most public images at no

and you can use most public images at no additional cost but please be aware that

additional cost but please be aware that there are some premium images that do

there are some premium images that do add additional cost to your instances

add additional cost to your instances now moving on to custom images this is a

now moving on to custom images this is a boot disk image that you own and control

boot disk image that you own and control access to a private image if you will

access to a private image if you will custom images are available only to your

custom images are available only to your cloud project unless you specifically

cloud project unless you specifically decide to share them with another

decide to share them with another project or another organization you can

project or another organization you can create a custom image from boot disks or

create a custom image from boot disks or other images then use the custom image

other images then use the custom image to create an instance custom images that

to create an instance custom images that you import to compute engine add no cost

you import to compute engine add no cost to your instances but do incur an image

to your instances but do incur an image storage charge

storage charge while you keep your custom image in your

while you keep your custom image in your project now the third option that you

project now the third option that you have is by using a marketplace image now

have is by using a marketplace image now google cloud marketplace lets you

google cloud marketplace lets you quickly deploy

quickly deploy functional software packages that run on

functional software packages that run on google cloud you can start up a software

google cloud you can start up a software package without having to manually

package without having to manually configure the software the vm instances

configure the software the vm instances the storage or even the network settings

the storage or even the network settings this is a all-in-one instance template

this is a all-in-one instance template that includes the operating system and

that includes the operating system and the software pre-configured and you can

the software pre-configured and you can deploy a software package whenever you

deploy a software package whenever you like and is by far the easiest way to

like and is by far the easiest way to launch a software package and i will be

launch a software package and i will be giving you a run through on these

giving you a run through on these marketplace images in a later demo now

marketplace images in a later demo now once you've decided on your machine type

once you've decided on your machine type as well as the type of image that you

as well as the type of image that you wanted to use moving into the type of

wanted to use moving into the type of storage that you want would be your next

storage that you want would be your next step now when configuring a new instance

step now when configuring a new instance you will need to create a new boot disk

you will need to create a new boot disk for it and this is where performance

for it and this is where performance versus cost comes into play as you have

versus cost comes into play as you have the option to pay less and have a slower

the option to pay less and have a slower disk speed or lower iops or you can

disk speed or lower iops or you can choose to have fast disk speed with

choose to have fast disk speed with higher iops but pay a higher cost and so

higher iops but pay a higher cost and so the slowest and most inexpensive of

the slowest and most inexpensive of these options is the standard persistent

these options is the standard persistent disk which are backed by standard hard

disk which are backed by standard hard disk drives the balance persistent disks

disk drives the balance persistent disks are backed by solid state drives and are

are backed by solid state drives and are faster and can provide higher iops than

faster and can provide higher iops than the standard option and lastly ssd is

the standard option and lastly ssd is the fastest option which also brings

the fastest option which also brings with it the highest iops available for

with it the highest iops available for persistent disks now outside of these

persistent disks now outside of these three options for persistent disks you

three options for persistent disks you also have the option of choosing a local

also have the option of choosing a local ssd and these are solid state drives

ssd and these are solid state drives that are physically attached to the

that are physically attached to the server that hosts your vm instances and

server that hosts your vm instances and this is why they have the highest

this is why they have the highest throughput and lowest latency than any

throughput and lowest latency than any of the available persistent disks just

of the available persistent disks just as a note the data that you store on a

as a note the data that you store on a local ssd persists only until the

local ssd persists only until the instance is stopped or deleted which is

instance is stopped or deleted which is why local ssds are suited only for

why local ssds are suited only for temporary storage such as caches or swap

temporary storage such as caches or swap disk and so lastly moving into

disk and so lastly moving into networking

networking each network interface of a compute

each network interface of a compute engine instance is associated with a

engine instance is associated with a subnet of a unique vpc network as you've

subnet of a unique vpc network as you've seen in the last section you can do this

seen in the last section you can do this with an auto a default or a custom

with an auto a default or a custom network each network is available in

network each network is available in many different regions and zones within

many different regions and zones within that region we've also experienced

that region we've also experienced routing traffic for our instance both in

routing traffic for our instance both in and out of the vpc network

and out of the vpc network by use of firewall rules targeting ip

by use of firewall rules targeting ip ranges

ranges specific network tags or by instances

specific network tags or by instances within the network now load balancers

within the network now load balancers are responsible for helping distribute

are responsible for helping distribute user traffic

user traffic across multiple instances either within

across multiple instances either within the network or externally using a

the network or externally using a regional or global load balancer

regional or global load balancer and i will be getting into low balancing

and i will be getting into low balancing in another section of the course but i

in another section of the course but i wanted to stress that load balancers are

wanted to stress that load balancers are part of instance networking that help

part of instance networking that help route and manage traffic coming in and

route and manage traffic coming in and going out of the network

going out of the network and so this is a high level overview of

and so this is a high level overview of the different configuration types that

the different configuration types that go into putting together an instance and

go into putting together an instance and i will be diving deeper into each

i will be diving deeper into each in this section as well i will be

in this section as well i will be putting a hands-on approach to this by

putting a hands-on approach to this by creating an instance in the next lesson

creating an instance in the next lesson and focusing on the different available

and focusing on the different available features that you can use for your

features that you can use for your specific use case and so this is all i

specific use case and so this is all i wanted to cover for this lesson so you

wanted to cover for this lesson so you can now mark this lesson as complete and

can now mark this lesson as complete and let's move on to the next one

let's move on to the next one [Music]

[Music] welcome back now i know in previous

welcome back now i know in previous demonstrations we've built quite a few

demonstrations we've built quite a few compute engine instances and have

compute engine instances and have configured them accordingly in this

configured them accordingly in this demonstration we're going to go through

demonstration we're going to go through a build of another instance but i wanted

a build of another instance but i wanted to dig deeper into the specific

to dig deeper into the specific configurations that are available for

configurations that are available for compute engine so with that being said

compute engine so with that being said let's dive in and so i am now logged in

let's dive in and so i am now logged in under tony bowties gmail.com as well i

under tony bowties gmail.com as well i am logged in under the bowtie inc

am logged in under the bowtie inc project so in order to kick off this

project so in order to kick off this demo i'm going to head on over to the

demo i'm going to head on over to the compute engine console so i'm going to

compute engine console so i'm going to go over to the navigation menu and i'm

go over to the navigation menu and i'm going to scroll down to compute engine

going to scroll down to compute engine and so here i'm prompted

and so here i'm prompted to either create or import a vm instance

to either create or import a vm instance as well as taking the quick start and so

as well as taking the quick start and so i'm not going to import or take the

i'm not going to import or take the quick start so i'm going to simply click

quick start so i'm going to simply click on create

on create and so i want to take a moment here to

and so i want to take a moment here to focus on the left hand menu where there

focus on the left hand menu where there are a bunch of different options to

are a bunch of different options to create any given instance so the first

create any given instance so the first and default option allows me to create

and default option allows me to create the instance from scratch choosing the

the instance from scratch choosing the new vm instance from template option

new vm instance from template option allows me to create a new instance from

allows me to create a new instance from an instance template and because i don't

an instance template and because i don't have any instance templates i am

have any instance templates i am prompted here with the option to create

prompted here with the option to create one and so for those of you who are

one and so for those of you who are unfamiliar with instance templates

unfamiliar with instance templates templates are used in managed instance

templates are used in managed instance groups and define instance properties

groups and define instance properties for when instances are launched within

for when instances are launched within that managed instance group but don't

that managed instance group but don't worry i will be covering instance groups

worry i will be covering instance groups and instant templates in a later lesson

and instant templates in a later lesson the next option that's available is new

the next option that's available is new vm instance from machine image and an

vm instance from machine image and an image is a clone or a copy of an

image is a clone or a copy of an instance and again i will be covering

instance and again i will be covering this in a separate lesson and going

this in a separate lesson and going through all the details of machine

through all the details of machine images but if i did have any machine

images but if i did have any machine images i would be able to create my

images i would be able to create my instance from here but since i do not i

instance from here but since i do not i am prompted with the option to create a

am prompted with the option to create a new machine image now the last option

new machine image now the last option that i wanted to show you is the

that i wanted to show you is the marketplace

marketplace and so the marketplace has existing

and so the marketplace has existing machine images that are all

machine images that are all pre-configured with its proper operating

pre-configured with its proper operating system as well as the software to

system as well as the software to accompany it so for instance if i'm

accompany it so for instance if i'm looking to create a vm with a wordpress

looking to create a vm with a wordpress installation on it i can simply go up to

installation on it i can simply go up to the top to the search bar type in

the top to the search bar type in wordpress and i will be presented with

wordpress and i will be presented with many different options and i'm just

many different options and i'm just going to choose the one here at the top

going to choose the one here at the top and i am presented with 49 results of

and i am presented with 49 results of virtual machines with different types of

virtual machines with different types of wordpress installations on them and

wordpress installations on them and these are all different instances that

these are all different instances that have been configured specifically for

have been configured specifically for wordpress by different companies like

wordpress by different companies like lightspeed analog innovation and

lightspeed analog innovation and cognosis inc and so for this

cognosis inc and so for this demonstration i'm going to choose

demonstration i'm going to choose wordpress on centos 7

wordpress on centos 7 and here i'm giving an overview about

and here i'm giving an overview about the software itself i'm also given

the software itself i'm also given information about the company that

information about the company that configured this as well at the top i'm

configured this as well at the top i'm given a monthly estimated cost for this

given a monthly estimated cost for this specific instance and if i scroll down

specific instance and if i scroll down the page i can get a little bit more

the page i can get a little bit more information with regards to this image

information with regards to this image and as shown here on the right i can see

and as shown here on the right i can see my pricing the usage fee will cost me

my pricing the usage fee will cost me 109 a month along with the vm instance

109 a month along with the vm instance type that the software is configured for

type that the software is configured for the amount of disk space and the

the amount of disk space and the sustained use discount i've also been

sustained use discount i've also been given some links here for tutorials and

given some links here for tutorials and documentation

documentation and i've also been given instructions

and i've also been given instructions for maintenance and support i've been

for maintenance and support i've been given both an email and a link to live

given both an email and a link to live support and of course at the bottom we

support and of course at the bottom we have the terms of service and this is a

have the terms of service and this is a typical software package amongst many

typical software package amongst many others that's available in the google

others that's available in the google cloud marketplace now i can go ahead and

cloud marketplace now i can go ahead and launch this if i choose but i'm going to

launch this if i choose but i'm going to choose not to launch this and i'm going

choose not to launch this and i'm going to back out and so just to give you some

to back out and so just to give you some context with regards to enterprise

context with regards to enterprise software

software software packages like f5 and jenkins

software packages like f5 and jenkins are also available in the google cloud

are also available in the google cloud marketplace and again when i click on

marketplace and again when i click on the first option it'll give me a bunch

the first option it'll give me a bunch of available options on jenkins and its

of available options on jenkins and its availability from different companies on

availability from different companies on different platforms now just as a note

different platforms now just as a note to update your existing deployment of a

to update your existing deployment of a software package

software package you have to redeploy the software

you have to redeploy the software package from marketplace in order to

package from marketplace in order to update it but other than that caveat the

update it but other than that caveat the easiest way to deploy a software package

easiest way to deploy a software package is definitely through the marketplace

is definitely through the marketplace and so now that we've gone through all

and so now that we've gone through all the different options on how to create

the different options on how to create an instance i'm gonna go back and select

an instance i'm gonna go back and select new vm instance so i can create a new vm

new vm instance so i can create a new vm from scratch and so i am prompted here

from scratch and so i am prompted here at the top with a note telling me that

at the top with a note telling me that there was a draft that was saved from

there was a draft that was saved from when i started to create in my new

when i started to create in my new instance but i navigated away from it

instance but i navigated away from it and i have the option to restore the

and i have the option to restore the configuration i was working on and so

configuration i was working on and so just know that when you are in the midst

just know that when you are in the midst of creating an instance

of creating an instance google cloud will automatically save a

google cloud will automatically save a draft of your build so that you are able

draft of your build so that you are able to continue working on it later now i

to continue working on it later now i don't really need this draft but i will

don't really need this draft but i will just hit restore

just hit restore and for the name i'm going to keep it as

and for the name i'm going to keep it as instance 1 and for the sake of this demo

instance 1 and for the sake of this demo i'm going to add a label

i'm going to add a label the key is going to be environment and

the key is going to be environment and the value will be testing i'm going to

the value will be testing i'm going to go down to the bottom click save now

go down to the bottom click save now when it comes to the geographic location

when it comes to the geographic location of the instance using regions i can

of the instance using regions i can simply click on the drop down and i will

simply click on the drop down and i will have access to deploy this instance in

have access to deploy this instance in any currently available region as

any currently available region as regions are added they will be added

regions are added they will be added here as well and so i'm going to keep it

here as well and so i'm going to keep it as us east one

as us east one and under zone i have the availability

and under zone i have the availability of putting it in any zone within that

of putting it in any zone within that region and so i'm going to keep it as us

region and so i'm going to keep it as us east 1b and just as another note once

east 1b and just as another note once you've deployed the instance in a

you've deployed the instance in a specific region you will not be able to

specific region you will not be able to move that instance to a different region

move that instance to a different region you will have to recreate it using a

you will have to recreate it using a snapshot in another region and i will be

snapshot in another region and i will be going over this in a later lesson now

going over this in a later lesson now scrolling down to machine configuration

scrolling down to machine configuration there are three different types of

there are three different types of families that you can choose from when

families that you can choose from when it comes to machine types the general

it comes to machine types the general purpose the compute optimized and the

purpose the compute optimized and the memory optimized the general purpose

memory optimized the general purpose machine family has a great available

machine family has a great available selection of different series types that

selection of different series types that you can choose from and is usually the

you can choose from and is usually the go to machine family if you're unsure

go to machine family if you're unsure about which machine type to select so

about which machine type to select so for this demo i'm going to keep my

for this demo i'm going to keep my selection for series type as e2 and

selection for series type as e2 and under machine type i'm given a very

under machine type i'm given a very large selection of different sizes when

large selection of different sizes when it comes to vcpu and memory and so i can

it comes to vcpu and memory and so i can select from a shared core a standard

select from a shared core a standard type a high memory type or a high cpu

type a high memory type or a high cpu type and i will be going over this in

type and i will be going over this in greater detail in another lesson on

greater detail in another lesson on machine types now in case the predefined

machine types now in case the predefined machine types do not fit my needs

machine types do not fit my needs or the scope for the amount of vcpus and

or the scope for the amount of vcpus and memory that i need

memory that i need fall in between those predefined machine

fall in between those predefined machine types i can simply select the custom

types i can simply select the custom option and this will bring up a set of

option and this will bring up a set of sliders

sliders where i am able to select both the

where i am able to select both the amount of vcpus and amount of memory

amount of vcpus and amount of memory that i need for the instance that i am

that i need for the instance that i am creating now as i change the course

creating now as i change the course slider to either more vcpus or less my

slider to either more vcpus or less my core to memory ratio for this series

core to memory ratio for this series will stay the same and therefore my

will stay the same and therefore my memory will be adjusted automatically i

memory will be adjusted automatically i also have the option to change the

also have the option to change the memory as i see fit to either add more

memory as i see fit to either add more memory or to remove it and so this is

memory or to remove it and so this is great for when you're in between sizes

great for when you're in between sizes and you're looking for something

and you're looking for something specific that fits your workload and so

specific that fits your workload and so i'm going to change back the machine

i'm going to change back the machine type to an e2 micro

type to an e2 micro and as you can see in the top right

and as you can see in the top right i will find a monthly estimate of how

i will find a monthly estimate of how much the instance will cost me

much the instance will cost me and i can click on this drop down and it

and i can click on this drop down and it will give me a breakdown of the cost for

will give me a breakdown of the cost for vcpu in memory the cost for my disks as

vcpu in memory the cost for my disks as well as my sustained use discount and if

well as my sustained use discount and if i had any other resources that i was

i had any other resources that i was consuming like a static ip or an extra

consuming like a static ip or an extra attached disk those costs would show up

attached disk those costs would show up here as well and so if i went to a

here as well and so if i went to a compute optimized you can see how the

compute optimized you can see how the price has changed but i'm given the

price has changed but i'm given the breakdown so that i know exactly what

breakdown so that i know exactly what i'm paying for so i'm going to switch it

i'm paying for so i'm going to switch it back to general purpose

back to general purpose and i wanted to point out here the cpu

and i wanted to point out here the cpu platform and gpu as you can add gpus to

platform and gpu as you can add gpus to your specific machine configuration and

your specific machine configuration and so just as another note

so just as another note gpus can only be added to an n1 machine

gpus can only be added to an n1 machine type as any other type will show the gpu

type as any other type will show the gpu selection as grayed out and so here i

selection as grayed out and so here i can add the gpu type as well as adding

can add the gpu type as well as adding the number of gpus that i need but for

the number of gpus that i need but for the sake of this demonstration i'm not

the sake of this demonstration i'm not going to add any gpus

going to add any gpus and i'm going to select the e2 series

and i'm going to select the e2 series and change it back to e2 micro scrolling

and change it back to e2 micro scrolling down a little bit here

down a little bit here when it comes to cpu platform depending

when it comes to cpu platform depending on the machine type you can choose

on the machine type you can choose between intel or amd if you are looking

between intel or amd if you are looking for a specific cpu but just know that

for a specific cpu but just know that your configuration is permanent now

your configuration is permanent now moving down a little bit more you will

moving down a little bit more you will see here display device now display

see here display device now display device is a feature on compute engine

device is a feature on compute engine that allows you to add a virtual display

that allows you to add a virtual display to a vm for system management tools

to a vm for system management tools remote desktop software and any

remote desktop software and any application that requires you to connect

application that requires you to connect to a display device on a remote server

to a display device on a remote server this is an especially great feature to

this is an especially great feature to have for when your server is stuck at

have for when your server is stuck at boot patching or hardware failure and

boot patching or hardware failure and you can't log in and the drivers are

you can't log in and the drivers are already included for both windows and

already included for both windows and linux vms this feature works with the

linux vms this feature works with the default vga driver right out of the box

default vga driver right out of the box and so i'm going to keep this checked

and so i'm going to keep this checked off as i don't need it and i'm going to

off as i don't need it and i'm going to move down to confidential vm service now

move down to confidential vm service now confidential computing is a security

confidential computing is a security feature to encrypt sensitive code and

feature to encrypt sensitive code and data that's in memory so even when it's

data that's in memory so even when it's being processed it is still encrypted

being processed it is still encrypted and is a great use case when you're

and is a great use case when you're dealing with very sensitive information

dealing with very sensitive information that requires strict requirements now

that requires strict requirements now compute engine also gives you the option

compute engine also gives you the option of deploying containers on it and this

of deploying containers on it and this is a great way to test your containers

is a great way to test your containers instead of deploying a whole kubernetes

instead of deploying a whole kubernetes cluster and may even suffice for

cluster and may even suffice for specific use cases but just note that

specific use cases but just note that you can only deploy one container per vm

you can only deploy one container per vm instance and so now that we've covered

instance and so now that we've covered most of the general configuration

most of the general configuration options for compute engine i wanted to

options for compute engine i wanted to take a minute to dive into the options

take a minute to dive into the options that are available for boot disk so i'm

that are available for boot disk so i'm going to go ahead and click on change

going to go ahead and click on change and here i have the option of choosing

and here i have the option of choosing from a bunch of different public images

from a bunch of different public images with different operating systems that i

with different operating systems that i can use for my boot disk so if i wanted

can use for my boot disk so if i wanted to load up ubuntu i can simply select

to load up ubuntu i can simply select ubuntu and i can choose from each

ubuntu and i can choose from each different version that's available

different version that's available as well i'm shown here the boot disk

as well i'm shown here the boot disk type which is currently selected as the

type which is currently selected as the standard persistent disk but i also have

standard persistent disk but i also have the option of selecting either a

the option of selecting either a balanced persistent disk or ssd

balanced persistent disk or ssd persistent disk and i'm going to keep it

persistent disk and i'm going to keep it as standard persistent disk and if i

as standard persistent disk and if i wanted to i can increase the boot disk

wanted to i can increase the boot disk size so if i wanted 100 gigs i can

size so if i wanted 100 gigs i can simply add it and if i select it and i

simply add it and if i select it and i go back up to the top right hand corner

go back up to the top right hand corner i can see that my price for the instance

i can see that my price for the instance has changed now i'm not charged for the

has changed now i'm not charged for the operating system due to it being an open

operating system due to it being an open source image but i am charged more for

source image but i am charged more for the standard persistent disk because i'm

the standard persistent disk because i'm no longer using 10 gigs but i'm using

no longer using 10 gigs but i'm using 100 gigabytes

100 gigabytes now let's say i wanted to go back and i

now let's say i wanted to go back and i wanted to change this image to a windows

wanted to change this image to a windows image i'm going to go down here to

image i'm going to go down here to windows server and i want to select

windows server and i want to select windows server 2016 i'm going to load up

windows server 2016 i'm going to load up the data center version and i'm going to

the data center version and i'm going to keep the standard persistent disk along

keep the standard persistent disk along with 100 gigabytes i'm going to select

with 100 gigabytes i'm going to select it if i scroll back up i can see that

it if i scroll back up i can see that i'm charged a licensing fee for windows

i'm charged a licensing fee for windows server and these images with these

server and these images with these licensing fees are known as premium

licensing fees are known as premium images so please make sure that you are

images so please make sure that you are aware of these licensing fees when

aware of these licensing fees when launching your instances and because i

launching your instances and because i want to save on money just for now i'm

want to save on money just for now i'm going to scroll back down to my boot

going to scroll back down to my boot disk and change it back to ubuntu

disk and change it back to ubuntu and i'm going to change the size back

and i'm going to change the size back down to 10 gigabytes as well before you

down to 10 gigabytes as well before you move on i wanted to touch on custom

move on i wanted to touch on custom images and so if i did have any custom

images and so if i did have any custom images i could see them here and i would

images i could see them here and i would be able to create instances from my

be able to create instances from my custom images using this method i also

custom images using this method i also have the option of creating an instance

have the option of creating an instance from a snapshot and because i don't have

from a snapshot and because i don't have any nothing shows up and lastly i have

any nothing shows up and lastly i have the option of using existing disks so

the option of using existing disks so let's say for instance i had a vm

let's say for instance i had a vm instance and i had deleted it but i

instance and i had deleted it but i decided to keep the attached boot disk

decided to keep the attached boot disk it would show up as unattached and i am

it would show up as unattached and i am able to attach that to a new instance

able to attach that to a new instance and so now that i've shown you all the

and so now that i've shown you all the available options when it comes to boot

available options when it comes to boot disk i'm going to go ahead and select

disk i'm going to go ahead and select the ubuntu operating system and move on

the ubuntu operating system and move on to the next option here we have identity

to the next option here we have identity and api access which we've gone through

and api access which we've gone through in great depth in a previous demo as

in great depth in a previous demo as well i'm given an option to create a

well i'm given an option to create a firewall rule automatically for http and

firewall rule automatically for http and https traffic and as for networking as

https traffic and as for networking as we covered it in great depth in the last

we covered it in great depth in the last section

section i will skip that part of the

i will skip that part of the configuration and simply launch it in

configuration and simply launch it in the default vpc and so just as a quick

the default vpc and so just as a quick note i wanted to remind you that down at

note i wanted to remind you that down at the bottom of the page you can find the

the bottom of the page you can find the command line shortcut and when you click

command line shortcut and when you click on it it will give you the gcloud

on it it will give you the gcloud command to run that you can use in order

command to run that you can use in order to create your instance and so i want to

to create your instance and so i want to deploy this as is so i'm going to click

deploy this as is so i'm going to click here on close and i'm going to click on

here on close and i'm going to click on create

create and so i'm just going to give it a

and so i'm just going to give it a minute now so the instance can be

minute now so the instance can be created and it took a few seconds but

created and it took a few seconds but the instance is created and this is

the instance is created and this is regarded as the inventory page to view

regarded as the inventory page to view your instance inventory and to look up

your instance inventory and to look up any correlating information on any of

any correlating information on any of your instances and so this probably

your instances and so this probably looks familiar to you from the previous

looks familiar to you from the previous instances that you've launched so here

instances that you've launched so here we have the name of the instance the

we have the name of the instance the zone

zone the internal ip along with the external

the internal ip along with the external ip and a selection to connect to the

ip and a selection to connect to the instance as well i'm also given the

instance as well i'm also given the option to connect to this instance in

option to connect to this instance in different ways you also have the option

different ways you also have the option of adding more column information to

of adding more column information to your inventory dashboard with regards to

your inventory dashboard with regards to your instance

your instance and you can do this by simply clicking

and you can do this by simply clicking on the columns button right here above

on the columns button right here above the list of instances and you can select

the list of instances and you can select from creation time

from creation time machine type preserve state and even the

machine type preserve state and even the network and this may bring you more

network and this may bring you more insight on the information available for

insight on the information available for that instance or even grouping of

that instance or even grouping of instances with common configurations

instances with common configurations this will also help you identify your

this will also help you identify your instances visually in the console and so

instances visually in the console and so i'm just going to put the columns back

i'm just going to put the columns back to

to exactly what it was

and so now i want to take a moment to dive right into the instance and have a

dive right into the instance and have a look at the instance details so as you

look at the instance details so as you remember we selected the machine type of

remember we selected the machine type of e2 micro which has two vcpus and one

e2 micro which has two vcpus and one gigabyte of memory here we have the

gigabyte of memory here we have the instance id as well scrolling down we

instance id as well scrolling down we have the cpu platform we have the

have the cpu platform we have the display device that i was mentioning

display device that i was mentioning earlier along with the zone the labels

earlier along with the zone the labels the creation time as well as the network

the creation time as well as the network interface and scrolling down i can see

interface and scrolling down i can see here the boot disk with the ubuntu image

here the boot disk with the ubuntu image as well as the name of the boot disk so

as well as the name of the boot disk so there are quite a few configurations

there are quite a few configurations here and if i click on edit i can edit

here and if i click on edit i can edit some of these configurations on the fly

some of these configurations on the fly and with some configurations i need to

and with some configurations i need to stop the instance before editing them

stop the instance before editing them and there are some configurations like

and there are some configurations like the network interface where i would have

the network interface where i would have to delete the instance in order to

to delete the instance in order to recreate it so for instance if i wanted

recreate it so for instance if i wanted to change the machine type i need to

to change the machine type i need to stop the instance in order to change it

stop the instance in order to change it and the same thing goes for my display

and the same thing goes for my display device as well the network interface in

device as well the network interface in order for me to change it from its

order for me to change it from its current network or subnetwork i'm going

current network or subnetwork i'm going to have to stop the instance in order to

to have to stop the instance in order to change it as well and so i hope this

change it as well and so i hope this general walkthrough of configuring an

general walkthrough of configuring an instance has given you a sense of what

instance has given you a sense of what can be configured on launch

can be configured on launch and allowed you to gain some insight on

and allowed you to gain some insight on editing features of an instance after

editing features of an instance after launch a lot of what you've seen here in

launch a lot of what you've seen here in this demo will come up in the exam and

this demo will come up in the exam and so i would recommend that before going

so i would recommend that before going into the exam to spend some time

into the exam to spend some time launching instances knowing exactly how

launching instances knowing exactly how they will behave and what can be edited

they will behave and what can be edited after creation that can be done on the

after creation that can be done on the fly edits that need the instance to be

fly edits that need the instance to be shut down and edits that need the

shut down and edits that need the instance to be recreated and so that's

instance to be recreated and so that's pretty much all i wanted to cover when

pretty much all i wanted to cover when it comes to creating an instance so you

it comes to creating an instance so you can now mark this as complete and let's

can now mark this as complete and let's move on to the next one

welcome back now in this lesson i'm going to be discussing compute engine

going to be discussing compute engine machine types now a machine type is a

machine types now a machine type is a set of virtualized hardware resources

set of virtualized hardware resources that's available to a vm instance

that's available to a vm instance including the system memory size

including the system memory size virtual cpu count

virtual cpu count and persistent disks in compute engine

and persistent disks in compute engine machine types are grouped and curated by

machine types are grouped and curated by families for different workloads you

families for different workloads you must always choose a machine type when

must always choose a machine type when you create an instance and you can

you create an instance and you can select from a number of pre-defined

select from a number of pre-defined machine types in each machine type

machine types in each machine type family if the pre-defined machine types

family if the pre-defined machine types don't meet your needs then you can

don't meet your needs then you can create your own custom machine types in

create your own custom machine types in this lesson i will be going through all

this lesson i will be going through all the different machine types their

the different machine types their families and their use cases so with

families and their use cases so with that being said let's dive in

that being said let's dive in now each machine type family displayed

now each machine type family displayed here includes different machine types

here includes different machine types each family is curated for specific

each family is curated for specific workload types the following primary

workload types the following primary machine types are offered on compute

machine types are offered on compute engine which is general purpose compute

engine which is general purpose compute optimized and memory optimized and so i

optimized and memory optimized and so i wanted to go through each one of these

wanted to go through each one of these families in a little bit of detail now

families in a little bit of detail now before diving right into it

before diving right into it defining what type of machine type you

defining what type of machine type you are running can be overwhelming for some

are running can be overwhelming for some but can be broken down to be understood

but can be broken down to be understood a bit better they are broken down into

a bit better they are broken down into three parts and separated by hyphens the

three parts and separated by hyphens the first part in this example shown here

first part in this example shown here is the series so for this example the

is the series so for this example the series is e2 and the number after the

series is e2 and the number after the letter is the generation type in this

letter is the generation type in this case it would be the second generation

case it would be the second generation now the series come in many different

now the series come in many different varieties and each are designed for

varieties and each are designed for specific workloads now moving on to the

specific workloads now moving on to the middle part of the machine type this is

middle part of the machine type this is the actual type and types as well can

the actual type and types as well can come in a slew of different flavors and

come in a slew of different flavors and is usually coupled with a specific

is usually coupled with a specific series so in this example the type here

series so in this example the type here is standard and so moving on to the

is standard and so moving on to the third part of the machine type this is

third part of the machine type this is the amount of vcp use

the amount of vcp use in the machine type and so with vcpus

in the machine type and so with vcpus they can be offered anywhere from one

they can be offered anywhere from one vcpu up to 416 vcpus and so for the

vcpu up to 416 vcpus and so for the example shown here this machine type has

example shown here this machine type has 32 vcpus and so there is one more aspect

32 vcpus and so there is one more aspect of a machine type

of a machine type which is the gpus

which is the gpus but please note that gpus are only

but please note that gpus are only available for the n1 series and so

available for the n1 series and so combining the series the type and the

combining the series the type and the vcpu

vcpu you will get your machine type and so

you will get your machine type and so now that we've broken down the machine

now that we've broken down the machine types in order to properly define them

types in order to properly define them i wanted to get into the predefined

i wanted to get into the predefined machine type families

machine type families specifically starting off with the

specifically starting off with the general purpose predefined machine type

general purpose predefined machine type and all the general purpose machine

and all the general purpose machine types are available in the standard type

types are available in the standard type the high memory type and the high cpu

the high memory type and the high cpu type so the standard type

type so the standard type is the balance of cpu and memory and

is the balance of cpu and memory and this is the most common general purpose

this is the most common general purpose machine type general purpose also comes

machine type general purpose also comes in high memory and this is a high memory

in high memory and this is a high memory to cpu ratio so very high memory a lower

to cpu ratio so very high memory a lower cpu

cpu and lastly we have the high cpu machine

and lastly we have the high cpu machine type and this is a high cpu to memory

type and this is a high cpu to memory ratio so this would be the opposite of

ratio so this would be the opposite of the high memory so very high cpu to

the high memory so very high cpu to lower memory so now digging into the

lower memory so now digging into the general purpose machine family i wanted

general purpose machine family i wanted to start off with the e2 series and this

to start off with the e2 series and this is designed for day-to-day computing at

is designed for day-to-day computing at a low cost so if you're looking to do

a low cost so if you're looking to do things like web serving

things like web serving application serving

application serving back office applications

back office applications small to medium databases microservices

small to medium databases microservices virtual desktops or even development

virtual desktops or even development environments the e2 series would serve

environments the e2 series would serve the purpose perfectly

the purpose perfectly now the e2 machine types are cost

now the e2 machine types are cost optimized machine types that offer

optimized machine types that offer sizing between 2 to 32 vcpus and half a

sizing between 2 to 32 vcpus and half a gigabyte to 128 gigabytes of memory so

gigabyte to 128 gigabytes of memory so small to medium workloads that don't

small to medium workloads that don't require as many vcpus and applications

require as many vcpus and applications that don't require local ssds or gpus

that don't require local ssds or gpus are an ideal fit for e2 machines e2

are an ideal fit for e2 machines e2 machine types do not offer sustained use

machine types do not offer sustained use discounts however they do provide

discounts however they do provide consistently

consistently low on-demand and committed use pricing

low on-demand and committed use pricing in other words they offer the lowest

in other words they offer the lowest on-demand pricing across the general

on-demand pricing across the general purpose machine types as well the e2

purpose machine types as well the e2 series machines are available in both

series machines are available in both pre-defined and custom machine types

pre-defined and custom machine types moving on i wanted to touch on all the

moving on i wanted to touch on all the machine types available in the n-series

machine types available in the n-series and these are a balanced machine type

and these are a balanced machine type with price and performance across a wide

with price and performance across a wide range of vm flavors and these machines

range of vm flavors and these machines are designed for web servers application

are designed for web servers application servers back office applications medium

servers back office applications medium to large databases as well as caching

to large databases as well as caching and media streaming and they are offered

and media streaming and they are offered in the standard high memory and high cpu

in the standard high memory and high cpu types

types now the n1 machine types are compute

now the n1 machine types are compute engines first generation general purpose

engines first generation general purpose machine types now this machine type

machine types now this machine type offers up to 96 vcpus and 624 gigabytes

offers up to 96 vcpus and 624 gigabytes of memory and again as i mentioned

of memory and again as i mentioned earlier this is the only machine type

earlier this is the only machine type that offers both gpu support and tpu

that offers both gpu support and tpu support the n1 type is available as both

support the n1 type is available as both pre-defined machine types and custom

pre-defined machine types and custom machine types and the n1 series offers a

machine types and the n1 series offers a larger sustained use discount than n2

larger sustained use discount than n2 machine types speaking of which

machine types speaking of which the n2 machine types are the second

the n2 machine types are the second generation general purpose machine types

generation general purpose machine types and these offer flexible sizing between

and these offer flexible sizing between two 280 vcpus and half a gigabyte of

two 280 vcpus and half a gigabyte of memory to 640 gigabytes of memory and

memory to 640 gigabytes of memory and these machine types also offer an

these machine types also offer an overall performance improvement over the

overall performance improvement over the n1 machine types workloads that can take

n1 machine types workloads that can take advantage of the higher clock frequency

advantage of the higher clock frequency of the cpu

of the cpu are a good choice for n2 machine types

are a good choice for n2 machine types and these workloads can get higher per

and these workloads can get higher per thread performance while benefiting from

thread performance while benefiting from all the flexibility that a general

all the flexibility that a general purpose machine type offers and two

purpose machine type offers and two machine types also offer the extended

machine types also offer the extended memory feature and this helps control

memory feature and this helps control per cpu software licensing costs now

per cpu software licensing costs now getting into the last n series machine

getting into the last n series machine type the n2d machine type is the largest

type the n2d machine type is the largest general purpose machine type with up to

general purpose machine type with up to 224 vcpus and

224 vcpus and 896 gigabytes of memory this machine

896 gigabytes of memory this machine type is available in predefined and

type is available in predefined and custom machine types and this machine

custom machine types and this machine type as well has the extended memory

type as well has the extended memory feature which i discussed earlier that

feature which i discussed earlier that helps you avoid per cpu software

helps you avoid per cpu software licensing the n2d machine type supports

licensing the n2d machine type supports the committed use and sustain use

the committed use and sustain use discounts now moving on from the general

discounts now moving on from the general purpose machine type family i wanted to

purpose machine type family i wanted to move into the compute optimize machine

move into the compute optimize machine family now this series

family now this series offers ultra high performance for

offers ultra high performance for compute intensive workloads such as high

compute intensive workloads such as high performance computing

performance computing electronic design automation

electronic design automation gaming and single threaded applications

gaming and single threaded applications so anything that is designed for compute

so anything that is designed for compute intensive workloads this will definitely

intensive workloads this will definitely be your best choice

be your best choice now compute engine optimized machine

now compute engine optimized machine types are ideal for as i said earlier

types are ideal for as i said earlier compute intensive workloads and these

compute intensive workloads and these machine types offer the highest

machine types offer the highest performance per core

performance per core on compute engine compute optimized

on compute engine compute optimized types are only available as predefined

types are only available as predefined machine types and so they are not

machine types and so they are not available for any custom machine types

available for any custom machine types the c2 machine types offer a maximum of

the c2 machine types offer a maximum of 60 vcpus and a maximum of 240 gigabytes

60 vcpus and a maximum of 240 gigabytes of memory now although the c2 machine

of memory now although the c2 machine type works great for compute intensive

type works great for compute intensive workloads it does come with some caveats

workloads it does come with some caveats and so you cannot use regional

and so you cannot use regional persistent disks with compute optimized

persistent disks with compute optimized machine types and i will be getting into

machine types and i will be getting into the details of persistent disks in a

the details of persistent disks in a later lesson and they are only available

later lesson and they are only available in select zones and regions on select

in select zones and regions on select cpu platforms and so now moving into the

cpu platforms and so now moving into the last family is the memory optimize

last family is the memory optimize machine family and this is for ultra

machine family and this is for ultra high memory workloads this family is

high memory workloads this family is designed for large in memory databases

designed for large in memory databases like sap hana as well as in memory

like sap hana as well as in memory analytics

analytics now the m series comes in two separate

now the m series comes in two separate generations

generations m1 and m2 the m1 offering a maximum of

m1 and m2 the m1 offering a maximum of 160 vcpus and a maximum memory of

160 vcpus and a maximum memory of 3844 gigabytes whereas the m2 offering

3844 gigabytes whereas the m2 offering again a maximum of 160 vcpus but

again a maximum of 160 vcpus but offering a whopping 11

offering a whopping 11 776 gigabytes of maximum memory and as i

776 gigabytes of maximum memory and as i said before these machine types they're

said before these machine types they're ideal for tasks that require intensive

ideal for tasks that require intensive use of memory so they are suited for

use of memory so they are suited for in-memory databases and in memory

in-memory databases and in memory analytics data warehousing workloads

analytics data warehousing workloads genomics analysis and sql analysis

genomics analysis and sql analysis services memory optimized machine types

services memory optimized machine types are only available as predefined machine

are only available as predefined machine types and the caveats here is that you

types and the caveats here is that you cannot use regional persistent disks

cannot use regional persistent disks with memory optimized machine types as

with memory optimized machine types as well they're only available in specific

well they're only available in specific zones now i wanted to take a moment to

zones now i wanted to take a moment to go back

go back to the general purpose machine type so

to the general purpose machine type so that i can dig into the shared cord

that i can dig into the shared cord machine type and this is spread amongst

machine type and this is spread amongst the e2 and n1 series and these shared

the e2 and n1 series and these shared core machine types are used for

core machine types are used for burstable workloads are very cost

burstable workloads are very cost effective as well they're great for

effective as well they're great for non-resource intensive applications

non-resource intensive applications shared core machine types use context

shared core machine types use context switching to share a physical core

switching to share a physical core between vcpus for the purpose of

between vcpus for the purpose of multitasking different shared core

multitasking different shared core machine types sustain different amounts

machine types sustain different amounts of time on a physical core which allows

of time on a physical core which allows google cloud to cut the price in general

google cloud to cut the price in general share core instances can be more cost

share core instances can be more cost effective for running small

effective for running small non-resource intensive applications than

non-resource intensive applications than standard high memory or high cpu machine

standard high memory or high cpu machine types now when it comes to cpu bursting

types now when it comes to cpu bursting these shared core machine types offer

these shared core machine types offer bursting capabilities that allow

bursting capabilities that allow instances to use additional physical cpu

instances to use additional physical cpu for short periods of time bursting

for short periods of time bursting happens automatically when your instance

happens automatically when your instance requires more physical cpu than

requires more physical cpu than originally allocated during these spikes

originally allocated during these spikes your instance will take advantage of

your instance will take advantage of available physical cpu in bursts and the

available physical cpu in bursts and the e2 shared core machine type is offered

e2 shared core machine type is offered in micro small and medium while the n1

in micro small and medium while the n1 series is offered in the f1 micro and

series is offered in the f1 micro and the g1 small and both of these series

the g1 small and both of these series have a maximum of two vcpus with a

have a maximum of two vcpus with a maximum of four gigabytes of memory now

maximum of four gigabytes of memory now i wanted to take a moment to touch on

i wanted to take a moment to touch on custom machine types and these are

custom machine types and these are available for any general purpose

available for any general purpose machine and so this is customer defined

machine and so this is customer defined cpu and memory designed for custom

cpu and memory designed for custom workloads

workloads now if none of the general purpose

now if none of the general purpose predefined machine types cater to your

predefined machine types cater to your needs

needs you can create a custom machine type

you can create a custom machine type with a specific number of vcpus and

with a specific number of vcpus and amount of memory that you need for your

amount of memory that you need for your instance these machine types are ideal

instance these machine types are ideal for workloads that are not a good fit

for workloads that are not a good fit for the pre-defined machine types that

for the pre-defined machine types that are available they're also great for

are available they're also great for when you need more memory or more cpu

when you need more memory or more cpu but the predefined machine types don't

but the predefined machine types don't quite fit exactly what you need for your

quite fit exactly what you need for your workload just as a note it costs

workload just as a note it costs slightly more to use a custom machine

slightly more to use a custom machine type than a pre-defined machine type and

type than a pre-defined machine type and there are limitations in the amount of

there are limitations in the amount of memory and vcpu you can select and as i

memory and vcpu you can select and as i stated earlier when creating a custom

stated earlier when creating a custom machine type you can choose from the e2

machine type you can choose from the e2 n2

n2 and 2d and n1 machine types and so the

and 2d and n1 machine types and so the last part i wanted to touch on are the

last part i wanted to touch on are the gpus that are available and these are

gpus that are available and these are designed for the graphic intensive

designed for the graphic intensive workloads and again are only available

workloads and again are only available for the n1 machine type and gpus come in

for the n1 machine type and gpus come in five different flavors from nvidia

five different flavors from nvidia showing here as the tesla k80 the tesla

showing here as the tesla k80 the tesla p4 the tesla t4 the tesla v100 and the

p4 the tesla t4 the tesla v100 and the tesla p100 and so these are all the

tesla p100 and so these are all the families and machine types that are

families and machine types that are available for you in google cloud and

available for you in google cloud and will allow you to be a little bit more

will allow you to be a little bit more flexible with the type of workload that

flexible with the type of workload that you need them for and so for the exam

you need them for and so for the exam you won't have to memorize each machine

you won't have to memorize each machine type but you will need to know an

type but you will need to know an overview of what each machine type does

overview of what each machine type does now i know there's been a lot of theory

now i know there's been a lot of theory presented here in this lesson but i hope

presented here in this lesson but i hope this is giving you a better

this is giving you a better understanding of all the available

understanding of all the available pre-defined machine types in google

pre-defined machine types in google cloud and so that's pretty much all i

cloud and so that's pretty much all i wanted to cover in this lesson on

wanted to cover in this lesson on compute engine machine types so you can

compute engine machine types so you can now mark this lesson as complete and

now mark this lesson as complete and let's move on to the next one

let's move on to the next one [Music]

[Music] welcome back in this lesson i'm going to

welcome back in this lesson i'm going to be reviewing managing your instances now

be reviewing managing your instances now how you manage your instances is a big

how you manage your instances is a big topic in the exam

topic in the exam as well it's very useful to know for

as well it's very useful to know for your work as a cloud engineer in the

your work as a cloud engineer in the environments you are responsible for

environments you are responsible for knowing both the features that are

knowing both the features that are available as well as the best practices

available as well as the best practices will allow you to make better decisions

will allow you to make better decisions with regards to your instances and allow

with regards to your instances and allow you to keep your environment healthy

you to keep your environment healthy this lesson will dive into the many

this lesson will dive into the many features that are available in order to

features that are available in order to better manage your instances using the

better manage your instances using the specific features within google cloud so

specific features within google cloud so with that being said let's dive in

with that being said let's dive in now i wanted to start off this lesson

now i wanted to start off this lesson discussing the life cycle of an instance

discussing the life cycle of an instance within google cloud every instance has a

within google cloud every instance has a predefined life cycle from its starting

predefined life cycle from its starting provisioning state to its deletion an

provisioning state to its deletion an instance can transition through many

instance can transition through many instant states as part of its life cycle

instant states as part of its life cycle when you first create an instance

when you first create an instance compute engine provisions resources to

compute engine provisions resources to start your instance next the instance

start your instance next the instance moves into staging where it prepares the

moves into staging where it prepares the first boot and then it finally boots up

first boot and then it finally boots up and is considered running during its

and is considered running during its lifetime a running instance can be

lifetime a running instance can be repeatedly stopped and restarted or

repeatedly stopped and restarted or suspended and resumed so now i wanted to

suspended and resumed so now i wanted to take a few minutes to go through the

take a few minutes to go through the instance life cycle in a bit of detail

instance life cycle in a bit of detail starting with the provisioning state

starting with the provisioning state now this is where resources are being

now this is where resources are being allocated for the instance the instance

allocated for the instance the instance is not yet running and the instance is

is not yet running and the instance is being allocated its requested amount of

being allocated its requested amount of cpu and memory along with its root disk

cpu and memory along with its root disk any additional disks that are attached

any additional disks that are attached to it and as well some additional

to it and as well some additional feature sets that are assigned to this

feature sets that are assigned to this instance and when it comes to the cost

instance and when it comes to the cost while in the provisioning state there

while in the provisioning state there are no costs that are being incurred

are no costs that are being incurred moving right along to the staging state

moving right along to the staging state after finishing the provisioning state

after finishing the provisioning state the life cycle continues with the

the life cycle continues with the staging state and this is where

staging state and this is where resources have been acquired and the

resources have been acquired and the instance is being prepared for first

instance is being prepared for first boot both internal and external ips are

boot both internal and external ips are allocated and can be either static or

allocated and can be either static or ephemeral in the system image that was

ephemeral in the system image that was originally chosen for this instance

originally chosen for this instance is used to boot up the instance and this

is used to boot up the instance and this can be either a public image or a custom

can be either a public image or a custom image costs in the state are still not

image costs in the state are still not incurred as the instance is still in the

incurred as the instance is still in the pre-boot state

pre-boot state now once the instance has left staging

now once the instance has left staging it will move on to the running state and

it will move on to the running state and this is where the instance is booting up

this is where the instance is booting up or running and should allow you to log

or running and should allow you to log into the instance either using ssh or

into the instance either using ssh or rdp within a short waiting period due to

rdp within a short waiting period due to any startup scripts or any boot

any startup scripts or any boot maintenance tasks for the operating

maintenance tasks for the operating system now during the running state you

system now during the running state you can reset your instance and this is

can reset your instance and this is where you would wipe the memory contents

where you would wipe the memory contents of the vm instance and reset the virtual

of the vm instance and reset the virtual machine to its initial state resetting

machine to its initial state resetting an instance

an instance causes an immediate hard reset of the vm

causes an immediate hard reset of the vm and therefore the vm does not do a

and therefore the vm does not do a graceful shutdown for the guest

graceful shutdown for the guest operating system however

operating system however the vm retains all persistent disk data

the vm retains all persistent disk data and none of the instance properties

and none of the instance properties change the instance remains in running

change the instance remains in running state through the reset now as well in

state through the reset now as well in the running state a repair can happen

the running state a repair can happen due to the instance encountering an

due to the instance encountering an internal error or the underlying machine

internal error or the underlying machine is unavailable due to maintenance during

is unavailable due to maintenance during this time the instance is unusable and

this time the instance is unusable and if the repair is successful the instance

if the repair is successful the instance returns back to the running state paying

returns back to the running state paying attention to costs

attention to costs this state is where the instance starts

this state is where the instance starts to occur them and is related to the

to occur them and is related to the resources assigned to the instance like

resources assigned to the instance like the cpu and memory any static ips and

the cpu and memory any static ips and any disks that are attached to the

any disks that are attached to the instance and i will be going into a bit

instance and i will be going into a bit of detail in just a bit with regards to

of detail in just a bit with regards to this state

this state and finally we end the life cycle with

and finally we end the life cycle with the stopping suspended and terminated

the stopping suspended and terminated states now when you are suspending an

states now when you are suspending an instance it is like closing the lid of

instance it is like closing the lid of your laptop suspending the instance will

your laptop suspending the instance will preserve the guest operating system

preserve the guest operating system memory and application state of the

memory and application state of the instance otherwise it'll be discarded

instance otherwise it'll be discarded and from this state you can choose

and from this state you can choose either to resume or to delete it when it

either to resume or to delete it when it comes to stopping either a user has made

comes to stopping either a user has made a request to stop the instance or there

a request to stop the instance or there was a failure and this is a temporary

was a failure and this is a temporary status and the instance will move to

status and the instance will move to terminated touching on costs for just a

terminated touching on costs for just a second when suspending or stopping an

second when suspending or stopping an instance you pay for resources that are

instance you pay for resources that are still attached to the vm instance

still attached to the vm instance such as static ips and persistent disk

such as static ips and persistent disk data you do not pay the cost of a

data you do not pay the cost of a running vm instance ephemeral external

running vm instance ephemeral external ip addresses are released from the

ip addresses are released from the instance and will be assigned a new one

instance and will be assigned a new one when the instance is started now when it

when the instance is started now when it comes to stopping suspending or

comes to stopping suspending or resetting an instance you can stop or

resetting an instance you can stop or suspend an instance if you no longer

suspend an instance if you no longer need it but want to keep the instance

need it but want to keep the instance around for future use compute engine

around for future use compute engine waits for the guest to finish shutting

waits for the guest to finish shutting down and then transitions the instance

down and then transitions the instance to the terminated state so touching on

to the terminated state so touching on the terminated state this is where a

the terminated state this is where a user either shuts down the instance or

user either shuts down the instance or the instance encounters a failure you

the instance encounters a failure you can choose to restart the instance or

can choose to restart the instance or delete it as well as holding some reset

delete it as well as holding some reset options within the availability policy

options within the availability policy in this state you still pay for static

in this state you still pay for static ips and disks

ips and disks but like the suspending or stopping

but like the suspending or stopping state you do not pay for the cpu and

state you do not pay for the cpu and memory resources allocated to the

memory resources allocated to the instance

instance and so this covers a high level overview

and so this covers a high level overview of the instance lifecycle in google

of the instance lifecycle in google cloud and all of the states that make up

cloud and all of the states that make up this lifecycle now to get into some

this lifecycle now to get into some detail with regards to some feature sets

detail with regards to some feature sets for compute engine i wanted to revisit

for compute engine i wanted to revisit the states where those features apply

the states where those features apply now when creating your instance you have

now when creating your instance you have the option of using shielded vms for

the option of using shielded vms for added security and when using them the

added security and when using them the instance would instantiate them as the

instance would instantiate them as the instance boots and enters into the

instance boots and enters into the running state

running state so what exactly is a shielded vm

so what exactly is a shielded vm well shielded vms offer verifiable

well shielded vms offer verifiable integrity of your compute engine vm

integrity of your compute engine vm instances so you can be sure that your

instances so you can be sure that your instances haven't been compromised by

instances haven't been compromised by boot or kernel level malware or rootkits

boot or kernel level malware or rootkits and this is achieved through a four-step

and this is achieved through a four-step process

process which is covered by secure boot virtual

which is covered by secure boot virtual trusted platform module also known as

trusted platform module also known as vtpm measure boot which is running on

vtpm measure boot which is running on vtpm and integrity monitoring so i

vtpm and integrity monitoring so i wanted to dig into this for just a sec

wanted to dig into this for just a sec to give you a bit more context

to give you a bit more context now the boot process for shielded vms

now the boot process for shielded vms start with secure boot and this helps

start with secure boot and this helps ensure that the system only runs

ensure that the system only runs authentic software by verifying the

authentic software by verifying the digital signature for all boot

digital signature for all boot components and stopping the boot process

components and stopping the boot process if signature verification fails so

if signature verification fails so shielded vm instances run firmware

shielded vm instances run firmware that's signed and verified using

that's signed and verified using google's certificate authority and on

google's certificate authority and on each and every boot any boot component

each and every boot any boot component that isn't properly signed or isn't

that isn't properly signed or isn't signed at all is not allowed to run and

signed at all is not allowed to run and so the first time you boot a vm instance

so the first time you boot a vm instance measure boot creates the integrity

measure boot creates the integrity policy baseline from the first set of

policy baseline from the first set of these measurements and then securely

these measurements and then securely stores this data each time the vm

stores this data each time the vm instance boots after that these

instance boots after that these measurements are taken again and stored

measurements are taken again and stored in secure memory until the next reboot

in secure memory until the next reboot having these two sets of measurements

having these two sets of measurements enables integrity monitoring which is

enables integrity monitoring which is the next step and allows it to determine

the next step and allows it to determine if there have been changes to a vm

if there have been changes to a vm instance's boot sequence and this policy

instance's boot sequence and this policy is loaded onto a virtualized trusted

is loaded onto a virtualized trusted platform module again known as the vtpm

platform module again known as the vtpm for short which is a specialized

for short which is a specialized computer chip that you can use to

computer chip that you can use to protect objects like keys and

protect objects like keys and certificates that you use to

certificates that you use to authenticate access to your system with

authenticate access to your system with shielded vms vtpm enables measured boot

shielded vms vtpm enables measured boot by performing the measurements needed to

by performing the measurements needed to create a known good boot baseline and

create a known good boot baseline and this is called the integrity policy

this is called the integrity policy baseline the integrity policy baseline

baseline the integrity policy baseline is used for comparison

is used for comparison with measurements from subsequent vm

with measurements from subsequent vm boots to determine if anything has

boots to determine if anything has changed integrity monitoring relies on

changed integrity monitoring relies on the measurements created by measured

the measurements created by measured boot for both the integrity policy

boot for both the integrity policy baseline and the most recent boot

baseline and the most recent boot sequence integrity monitoring compares

sequence integrity monitoring compares the most recent boot measurements

the most recent boot measurements to the integrity policy baseline and

to the integrity policy baseline and returns a pair of pass or failed results

returns a pair of pass or failed results depending on whether they match or not

depending on whether they match or not one for the early boot sequence and one

one for the early boot sequence and one for the late boot sequence and so in

for the late boot sequence and so in summary this is how shielded vms help

summary this is how shielded vms help prevent data exfiltration so touching

prevent data exfiltration so touching now on the running state when you start

now on the running state when you start a vm instance using google provided

a vm instance using google provided public images a guest environment is

public images a guest environment is automatically installed on the vm

automatically installed on the vm instance a guest environment is a set of

instance a guest environment is a set of scripts daemons and binaries that read

scripts daemons and binaries that read the content of the metadata server to

the content of the metadata server to make a virtual machine run properly on

make a virtual machine run properly on compute engine a metadata server is a

compute engine a metadata server is a communication channel for transferring

communication channel for transferring information from a client to the guest

information from a client to the guest operating system vm instances created

operating system vm instances created using google provided public images

using google provided public images include a guest environment that is

include a guest environment that is installed by default creating vm

installed by default creating vm instances

instances using a custom image will require you to

using a custom image will require you to manually install the guest environment

manually install the guest environment this guest environment is available for

this guest environment is available for both linux and windows systems and each

both linux and windows systems and each supported operating system that is

supported operating system that is available on compute engine requires

available on compute engine requires specific guest environment packages

specific guest environment packages either google or the owner of the

either google or the owner of the operating system builds these packages

operating system builds these packages now when it comes to the linux guest

now when it comes to the linux guest environment it is either built by google

environment it is either built by google or the owner of the operating system

or the owner of the operating system and there are some key components that

and there are some key components that are applicable to all builds which can

are applicable to all builds which can be found in the link that i have

be found in the link that i have included in the lesson text the base

included in the lesson text the base components of a linux guest environment

components of a linux guest environment is a python package that contains

is a python package that contains scripts daemons and packages for the

scripts daemons and packages for the supported linux distributions when it

supported linux distributions when it comes to windows a similar approach

comes to windows a similar approach applies where a package is available

applies where a package is available with main scripts and binaries as a part

with main scripts and binaries as a part of this guest environment

of this guest environment now touching back on the metadata server

now touching back on the metadata server compute engine provides a method for

compute engine provides a method for storing and retrieving metadata in the

storing and retrieving metadata in the form of the metadata server this service

form of the metadata server this service provides a central point to set metadata

provides a central point to set metadata in the form of key value pairs which is

in the form of key value pairs which is then provided to virtual machines at

then provided to virtual machines at runtime and you can query this metadata

runtime and you can query this metadata server programmatically from within the

server programmatically from within the instance and from the compute engine api

instance and from the compute engine api this is great for use with startup and

this is great for use with startup and shutdown scripts or gaining more insight

shutdown scripts or gaining more insight with your instance metadata can be

with your instance metadata can be assigned to projects as well as

assigned to projects as well as instances and project metadata

instances and project metadata propagates to all instances within the

propagates to all instances within the project while instance metadata only

project while instance metadata only impacts that instance and you can access

impacts that instance and you can access the metadata using the following url

the metadata using the following url with the curl command you see here on

with the curl command you see here on the screen so if you're looking for the

the screen so if you're looking for the metadata for a project you would use the

metadata for a project you would use the first url that ends in project and for

first url that ends in project and for any instance metadata you can use the

any instance metadata you can use the second url that ends in instance now

second url that ends in instance now please note that when you make a request

please note that when you make a request to get information from the metadata

to get information from the metadata server your request and the subsequent

server your request and the subsequent metadata response never leaves the

metadata response never leaves the physical host running the virtual

physical host running the virtual machine instance now once the instance

machine instance now once the instance has booted and has gone through the

has booted and has gone through the startup scripts you will then have the

startup scripts you will then have the ability to login to your instance using

ability to login to your instance using ssh or rdp now there are some different

ssh or rdp now there are some different methods that you can use to connect and

methods that you can use to connect and access both your linux instances and

access both your linux instances and your windows instances that i will be

your windows instances that i will be going over

going over now when it comes to linux instances

now when it comes to linux instances we've already gone through accessing

we've already gone through accessing these types of instances in previous

these types of instances in previous lessons and demos but just as a

lessons and demos but just as a refresher you would typically connect to

refresher you would typically connect to your vm instance via ssh access on port

your vm instance via ssh access on port 22. please note that you will require a

22. please note that you will require a firewall rule as we have done in

firewall rule as we have done in previous demos to allow this access and

previous demos to allow this access and you can connect to your linux instances

you can connect to your linux instances through the google cloud console or the

through the google cloud console or the cloud shell using the cloud sdk now i

cloud shell using the cloud sdk now i know that the use of ssh keys are the

know that the use of ssh keys are the defacto when it comes to logging into

defacto when it comes to logging into linux instances now in most scenarios on

linux instances now in most scenarios on google cloud google recommends using os

google cloud google recommends using os login over using ssh keys the os login

feature lets you use compute engine iam roles to manage ssh access to linux

roles to manage ssh access to linux instances and then if you'd like you can

instances and then if you'd like you can add an extra layer of security by

add an extra layer of security by setting up os login with two-step

setting up os login with two-step verification and manage access at the

verification and manage access at the organization level by setting up

organization level by setting up organizational policies os login

organizational policies os login simplifies ssh access management by

simplifies ssh access management by linking your linux user account to your

linking your linux user account to your google identity administrators can

google identity administrators can easily manage access to instances

easily manage access to instances at either an instance or project level

at either an instance or project level by setting iam permissions now if you're

by setting iam permissions now if you're running your own directory service for

running your own directory service for managing access or are unable to set up

managing access or are unable to set up os login you can manually manage ssh

os login you can manually manage ssh keys and local user accounts in metadata

keys and local user accounts in metadata by manually creating ssh keys and

by manually creating ssh keys and editing the public ssh key metadata now

editing the public ssh key metadata now when it comes to windows instances you

when it comes to windows instances you would typically connect to your vm

would typically connect to your vm instance via rdp access on port 3389 and

instance via rdp access on port 3389 and please note that you will also require a

please note that you will also require a firewall rule as shown here to allow

firewall rule as shown here to allow this access you can connect to your

this access you can connect to your windows instances through the rdp

windows instances through the rdp protocol or through a powershell

protocol or through a powershell terminal now when logging into windows

terminal now when logging into windows this requires setting a windows password

this requires setting a windows password and can be done either through the

and can be done either through the console or the gcloud command line tool

console or the gcloud command line tool and then after setting your password you

and then after setting your password you can then log in from the recommended rdp

can then log in from the recommended rdp chrome extension or using a third-party

chrome extension or using a third-party rdp client and i will provide a link to

rdp client and i will provide a link to this rdp chrome extension in the lesson

this rdp chrome extension in the lesson text now once the instance has booted up

text now once the instance has booted up and your instance is ready to be logged

and your instance is ready to be logged into you always have the option of

into you always have the option of modifying your instance and you can do

modifying your instance and you can do it manually by either modifying it on

it manually by either modifying it on the fly or you can take the necessary

the fly or you can take the necessary steps to edit your instance like i

steps to edit your instance like i showed you in a previous lesson by

showed you in a previous lesson by stopping it editing it and then

stopping it editing it and then restarting it although when it comes to

restarting it although when it comes to google having to do maintenance on a vm

google having to do maintenance on a vm or you merely want to move your instance

or you merely want to move your instance to a different zone in the same region

to a different zone in the same region this has all become possible without

this has all become possible without shutting down your instance

shutting down your instance using a feature called live migration

using a feature called live migration now when it comes to live migration

now when it comes to live migration compute engine migrates your running

compute engine migrates your running instances to another host

instances to another host in the same zone instead of requiring

in the same zone instead of requiring your vms to be rebooted this allows

your vms to be rebooted this allows google to perform maintenance reliably

google to perform maintenance reliably without interrupting any of your vms

without interrupting any of your vms when a vm is scheduled to be live

when a vm is scheduled to be live migrated google provides a notification

migrated google provides a notification to the guest that a migration is coming

to the guest that a migration is coming soon live migration keeps your instances

soon live migration keeps your instances running during compute engine hosts that

running during compute engine hosts that are in need of regular infrastructure

are in need of regular infrastructure maintenance and upgrades replacement of

maintenance and upgrades replacement of failed hardware and system configuration

failed hardware and system configuration changes when google migrates a running

changes when google migrates a running vm instance from one host to another

vm instance from one host to another it moves the complete instance state

it moves the complete instance state from the source to the destination in a

from the source to the destination in a way that is transparent to the guest os

way that is transparent to the guest os and anyone communicating with it google

and anyone communicating with it google also gives you the option of doing live

also gives you the option of doing live migration manually from one zone to

migration manually from one zone to another within the same region either

another within the same region either using the console or running the command

using the console or running the command line you see here gcloud compute

line you see here gcloud compute instances move the name of the vm with

instances move the name of the vm with the zone flag and the zone that it's

the zone flag and the zone that it's currently in and then the destination

currently in and then the destination zone flag with the zone that you wanted

zone flag with the zone that you wanted to go to and just as a note with some

to go to and just as a note with some caveats instances with gpus attached

caveats instances with gpus attached cannot be live migrated and you can't

cannot be live migrated and you can't configure a preemptable instance to live

configure a preemptable instance to live migrate and so instance lifecycle is

migrate and so instance lifecycle is full of different options and

full of different options and understanding them can help better

understanding them can help better coordinate moving editing and repairing

coordinate moving editing and repairing vm instances no matter where they may

vm instances no matter where they may lie in this life cycle now i hope this

lie in this life cycle now i hope this lesson has given you the necessary

lesson has given you the necessary theory that will help better use the

theory that will help better use the discuss feature sets and giving you some

discuss feature sets and giving you some ideas on how to better manage your

ideas on how to better manage your instances now there is a lot more to

instances now there is a lot more to know than what i've shown you here to

know than what i've shown you here to manage your instances but topics shown

manage your instances but topics shown here are what shows up in the exam as

here are what shows up in the exam as well are some really great starting

well are some really great starting points to begin managing your instances

points to begin managing your instances and so that's pretty much all i wanted

and so that's pretty much all i wanted to cover when it comes to managing

to cover when it comes to managing instances so you can now mark this

instances so you can now mark this lesson as complete and join me in the

lesson as complete and join me in the next one where i will cement the theory

next one where i will cement the theory in this lesson with the hands-on demo

in this lesson with the hands-on demo [Music]

[Music] welcome back in this demonstration i'm

welcome back in this demonstration i'm going to be cementing some of the theory

going to be cementing some of the theory that we learned in the last lesson with

that we learned in the last lesson with regards to the different login methods

regards to the different login methods for windows and linux instances how to

for windows and linux instances how to implement these methods are extremely

implement these methods are extremely useful to know both for the exam and for

useful to know both for the exam and for managing multiple instances in different

managing multiple instances in different environments now there's a lot to cover

environments now there's a lot to cover here so with that being said let's dive

here so with that being said let's dive in so as you can see i am logged in here

in so as you can see i am logged in here under tony bowtie ace

under tony bowtie ace gmail.com as well i am in the project of

gmail.com as well i am in the project of bowtie inc and so the first thing that i

bowtie inc and so the first thing that i want to do is create both a linux

want to do is create both a linux instance and a windows instance and this

instance and a windows instance and this is to demonstrate the different options

is to demonstrate the different options you have for logging into an instance

you have for logging into an instance and so in order for me to do that i need

and so in order for me to do that i need to head on over to compute engine so i'm

to head on over to compute engine so i'm going to go over to the navigation menu

going to go over to the navigation menu and i'm going to scroll down to compute

and i'm going to scroll down to compute engine and so just as a note before

engine and so just as a note before creating your instances please make sure

creating your instances please make sure that you have a default vpc created

that you have a default vpc created before going ahead and creating these

before going ahead and creating these instances if you've forgotten how to

instances if you've forgotten how to create a default vpc please go back to

create a default vpc please go back to the networking services section and

the networking services section and watch the vpc lesson for a refresher and

watch the vpc lesson for a refresher and so i'm going to go ahead and create my

so i'm going to go ahead and create my first instance and i'm going to start

first instance and i'm going to start with the windows instance so i'm going

with the windows instance so i'm going to simply click on create

to simply click on create and so for the name of this instance you

and so for the name of this instance you can simply call this windows dash

can simply call this windows dash instance

instance and i'm not going to add any labels and

and i'm not going to add any labels and for the region you should select us

for the region you should select us east1 and you can keep the zone as the

east1 and you can keep the zone as the default for us east 1b and scrolling

default for us east 1b and scrolling down to the machine configuration for

down to the machine configuration for the machine type i'm going to keep it as

the machine type i'm going to keep it as is as it is a windows instance and i'm

is as it is a windows instance and i'm going to need a little bit more power

going to need a little bit more power scrolling down to boot disk we need to

scrolling down to boot disk we need to change this from debian over to windows

change this from debian over to windows so i'm going to simply click on the

so i'm going to simply click on the change button and under operating system

change button and under operating system i'm going to click on the drop down and

i'm going to click on the drop down and select windows server for the version

select windows server for the version i'm going to select the latest version

i'm going to select the latest version of windows server which is the windows

of windows server which is the windows server 2019 data center and you can keep

server 2019 data center and you can keep the boot disk type and the size as its

the boot disk type and the size as its default and simply head on down and

default and simply head on down and click on select and we're going to leave

click on select and we're going to leave everything else as the default and

everything else as the default and simply click on create

simply click on create and success our windows instance has

and success our windows instance has been created and so the first thing that

been created and so the first thing that you want to do is you want to set a

you want to do is you want to set a windows password for this instance and

windows password for this instance and so i'm going to head on over to the rdp

so i'm going to head on over to the rdp button and i'm going to click on the

button and i'm going to click on the drop-down and here i'm going to select

drop-down and here i'm going to select set windows password and here i'm going

set windows password and here i'm going to get a pop-up to set a new windows

to get a pop-up to set a new windows password the username has been

password the username has been propagated for me as tony bowties i'm

propagated for me as tony bowties i'm going to leave it as is and i'm going to

going to leave it as is and i'm going to click on set

click on set and i'm going to be prompted with a new

and i'm going to be prompted with a new windows password that has been set for

windows password that has been set for me so i'm going to copy this and i'm

me so i'm going to copy this and i'm going to paste it into my notepad so be

going to paste it into my notepad so be sure to record it somewhere either write

sure to record it somewhere either write it down

it down or copy and paste it into a text editor

or copy and paste it into a text editor of your choice i'm going to click on

of your choice i'm going to click on close and so now for me to log into this

close and so now for me to log into this i need to make sure of a couple things

i need to make sure of a couple things the first thing is i need to make sure

the first thing is i need to make sure that i have a firewall rule open for

that i have a firewall rule open for port 3389 the second is i need to make

port 3389 the second is i need to make sure that i have an rdp client and so in

sure that i have an rdp client and so in order to satisfy my first constraint i'm

order to satisfy my first constraint i'm going to head on over to the navigation

going to head on over to the navigation menu and go down to vpc network

menu and go down to vpc network here i'm going to select firewall and as

here i'm going to select firewall and as expected the rdp firewall rule has been

expected the rdp firewall rule has been already created due to the fact that

already created due to the fact that upon creation of the default vpc network

upon creation of the default vpc network this default firewall rule is always

this default firewall rule is always created and so now that i've gotten that

created and so now that i've gotten that out of the way i'm going to head back on

out of the way i'm going to head back on over to compute engine

over to compute engine and what i'm going to do is i'm going to

and what i'm going to do is i'm going to record the external ip so that i'll be

record the external ip so that i'll be able to log into it now i'm going to be

able to log into it now i'm going to be logging into this instance

logging into this instance from both a windows client and a mac

from both a windows client and a mac client so starting with windows i'm

client so starting with windows i'm going to head on over to my windows

going to head on over to my windows virtual machine and because i know

virtual machine and because i know windows has a default rdp client already

windows has a default rdp client already built in i'm going to simply bring it up

built in i'm going to simply bring it up by hitting the windows key and typing

by hitting the windows key and typing remote desktop connection

remote desktop connection i'm going to click on that i'm going to

i'm going to click on that i'm going to paste in the public ip for the instance

paste in the public ip for the instance that i just recorded and i'm going to

that i just recorded and i'm going to click on connect you should get a pop-up

click on connect you should get a pop-up asking for your credentials i'm going to

asking for your credentials i'm going to type in my username as tony bowtie ace

type in my username as tony bowtie ace as well i'm going to paste in the

as well i'm going to paste in the password and i'm going to click on ok

password and i'm going to click on ok i'm prompted to accept the security

i'm prompted to accept the security certificate and i'm going to select yes

certificate and i'm going to select yes and success

and success i'm now connected to my windows server

i'm now connected to my windows server instance and it's going to run all its

instance and it's going to run all its necessary startup scripts you may get a

necessary startup scripts you may get a couple of prompts that come up

couple of prompts that come up asking you if you want to connect to

asking you if you want to connect to your network

your network absolutely i'm going to close down

absolutely i'm going to close down server manager just for now

server manager just for now and another thing that i wanted to note

and another thing that i wanted to note is that when you create a windows

is that when you create a windows instance there will automatically be

instance there will automatically be provisioned a google cloud shell with

provisioned a google cloud shell with the sdk pre-installed and so you'll be

the sdk pre-installed and so you'll be able to run all your regular commands

able to run all your regular commands right from this shell without having to

right from this shell without having to install it and this is due to the guest

install it and this is due to the guest environment that was automatically

environment that was automatically installed on the vm instance upon

installed on the vm instance upon creation and this is a perfect example

creation and this is a perfect example of some of the scripts that are

of some of the scripts that are installed with the guest environment i'm

installed with the guest environment i'm going to go ahead and close out of this

going to go ahead and close out of this and i'm going to go ahead and close out

and i'm going to go ahead and close out of my instance

of my instance hit ok and so being here in windows i

hit ok and so being here in windows i wanted to show you an alternate way of

wanted to show you an alternate way of logging into your instance through

logging into your instance through powershell so for those of you who are

powershell so for those of you who are quite versed in windows and use

quite versed in windows and use powershell in your day-to-day there is

powershell in your day-to-day there is an easy way to log into your instance

an easy way to log into your instance using powershell now in order for me to

using powershell now in order for me to do that i need to open another firewall

do that i need to open another firewall rule covering tcp port 5986 so i'm going

rule covering tcp port 5986 so i'm going to head on over back to the google cloud

to head on over back to the google cloud console i'm going to head over to the

console i'm going to head over to the navigation menu and i'm going to scroll

navigation menu and i'm going to scroll down to vpc network

down to vpc network i'm going to go into firewall and i'm

i'm going to go into firewall and i'm going to create a new firewall rule and

going to create a new firewall rule and under name i'm going to name this as

under name i'm going to name this as allow

allow powershell i'm going to use the same for

powershell i'm going to use the same for the description i'm going to scroll down

the description i'm going to scroll down to targets and i'm going to select all

to targets and i'm going to select all instances in the network and under

instances in the network and under source ip ranges for this demonstration

source ip ranges for this demonstration i'm going to use

i'm going to use 0.0.0.0 forward slash 0. and again this

0.0.0.0 forward slash 0. and again this should not be used in a production

should not be used in a production environment but is used merely for this

environment but is used merely for this demo i'm going to leave everything else

demo i'm going to leave everything else as is and i'm going to go down to

as is and i'm going to go down to protocols and ports i'm going to click

protocols and ports i'm going to click on tcp and i'm going to type in 5986 for

on tcp and i'm going to type in 5986 for the port and i'm going to click on

the port and i'm going to click on create i'm going to give it a second

create i'm going to give it a second just to create and it took a couple

just to create and it took a couple seconds but our firewall rule is now

seconds but our firewall rule is now created and so now i'm gonna head over

created and so now i'm gonna head over to my windows vm and i'm gonna open up a

to my windows vm and i'm gonna open up a powershell command prompt and hit the

powershell command prompt and hit the windows key and type in powershell

windows key and type in powershell and so in order for me to not get

and so in order for me to not get constantly asked about my username and

constantly asked about my username and password i'm going to use a variable

password i'm going to use a variable that will keep my password for me and so

that will keep my password for me and so every time i connect to my windows

every time i connect to my windows instance i won't need to type it in all

instance i won't need to type it in all the time and so the command for that is

the time and so the command for that is dollar sign credentials equals get dash

dollar sign credentials equals get dash credential i'm going to hit enter and

credential i'm going to hit enter and i'm going to get a prompt to type in my

i'm going to get a prompt to type in my username and password so i'm going to

username and password so i'm going to simply type that in now along with my

simply type that in now along with my password and hit ok and if you don't get

password and hit ok and if you don't get a prompt with any errors then chances

a prompt with any errors then chances are that you've been successful at

are that you've been successful at entering your credentials and so now in

entering your credentials and so now in order to connect to the instance you're

order to connect to the instance you're going to need the public ip address

going to need the public ip address again so i'm going to head on over back

again so i'm going to head on over back to the console i'm going to head on over

to the console i'm going to head on over to the navigation menu and back to

to the navigation menu and back to compute engine here i'm going to record

compute engine here i'm going to record the external ip and i'm going to head on

the external ip and i'm going to head on over back to my windows virtual machine

over back to my windows virtual machine and so you're going to enter this

and so you're going to enter this command which i will include in the

command which i will include in the lesson text and you'll also be able to

lesson text and you'll also be able to find it in the github repository beside

find it in the github repository beside computer name you're going to put in

computer name you're going to put in your public ip address of your windows

your public ip address of your windows instance and make sure at the end you

instance and make sure at the end you have your credentials variable i'm going

have your credentials variable i'm going to simply click enter and success i'm

to simply click enter and success i'm now connected to my windows instance in

now connected to my windows instance in google cloud so as you can see here on

google cloud so as you can see here on the left

the left is the public ip of my windows instance

is the public ip of my windows instance and so these are the various ways that

and so these are the various ways that you can connect to your windows instance

you can connect to your windows instance from a windows machine and so now for me

from a windows machine and so now for me to connect to my windows instance on a

to connect to my windows instance on a mac i'm going to head on over there now

mac i'm going to head on over there now and like i said before i need to satisfy

and like i said before i need to satisfy the constraint of having an rdp client

the constraint of having an rdp client unfortunately mac does not come with an

unfortunately mac does not come with an rdp client and so the recommended tool

rdp client and so the recommended tool to use is the chrome extension but i

to use is the chrome extension but i personally like microsoft's rdp for mac

personally like microsoft's rdp for mac application and so i'm going to go ahead

application and so i'm going to go ahead and do a walkthrough of the installation

and do a walkthrough of the installation so i'm going to start off by opening up

so i'm going to start off by opening up safari and i'm going to paste in this

safari and i'm going to paste in this url which i will include in the lesson

url which i will include in the lesson text

text and microsoft has made available a

and microsoft has made available a microsoft remote desktop app available

microsoft remote desktop app available in the app store i'm going to go ahead

in the app store i'm going to go ahead and view it in the app store and i'm

and view it in the app store and i'm going to simply click on get and then

going to simply click on get and then install and once you've entered your

install and once you've entered your credentials and you've downloaded and

credentials and you've downloaded and installed it you can simply click on

installed it you can simply click on open i'm going to click on not now and

open i'm going to click on not now and continue and i'm going to close all

continue and i'm going to close all these other windows for better viewing

these other windows for better viewing i'm going to click on add pc i'm going

i'm going to click on add pc i'm going to paste in the public ip address of my

to paste in the public ip address of my windows instance and under user account

windows instance and under user account i'm going to add my user account type in

i'm going to add my user account type in my username paste in my password you can

my username paste in my password you can add a friendly name here i'm going to

add a friendly name here i'm going to type in windows dash gc for google cloud

type in windows dash gc for google cloud and i'm going to click on add and then

and i'm going to click on add and then once you've pasted in all the

once you've pasted in all the credentials and your information you can

credentials and your information you can then click on add and i should be able

then click on add and i should be able to connect to my windows instance by

to connect to my windows instance by double clicking on this window it's

double clicking on this window it's asking me for my certificates i'm going

asking me for my certificates i'm going to hit continue

to hit continue and success i'm connected to my windows

and success i'm connected to my windows instance and so this is how you would

instance and so this is how you would connect to a windows instance from a

connect to a windows instance from a windows machine as well as from a mac as

windows machine as well as from a mac as well there are a couple of other options

well there are a couple of other options that i wanted to show you over here on

that i wanted to show you over here on the drop down beside rdp i can download

the drop down beside rdp i can download an rdp file which will contain the

an rdp file which will contain the public ip address of the windows

public ip address of the windows instance along with your username if i

instance along with your username if i need to reset my password i can view the

need to reset my password i can view the gcloud command to do it or i can set a

gcloud command to do it or i can set a new windows password if i forgotten my

new windows password if i forgotten my old one and so that's everything i had

old one and so that's everything i had to show you with regards to connecting

to show you with regards to connecting to a windows instance and so since this

to a windows instance and so since this demo was getting kind of long i decided

demo was getting kind of long i decided to split it up into two parts

to split it up into two parts and so this is the end of part one of

and so this is the end of part one of this demo and this would be a great

this demo and this would be a great opportunity to get up and have a stretch

opportunity to get up and have a stretch grab yourself a tea or a coffee and

grab yourself a tea or a coffee and whenever you're ready you can join me in

whenever you're ready you can join me in part two where we will be starting

part two where we will be starting immediately from the end of part 1 so

immediately from the end of part 1 so you can complete this video and i'll see

you can complete this video and i'll see you in part 2.

you in part 2. [Music]

[Music] welcome back this is part 2 of the

welcome back this is part 2 of the connecting to your instances demo and we

connecting to your instances demo and we will be starting exactly where we left

will be starting exactly where we left off in part one so with that being said

off in part one so with that being said let's dive in and so now that we've

let's dive in and so now that we've created our windows instance and went

created our windows instance and went through all the methods of how to

through all the methods of how to connect to it let's go ahead and create

connect to it let's go ahead and create a linux instance i'm going to go up to

a linux instance i'm going to go up to the top menu here and click on create

the top menu here and click on create instance and i'm going to name this

instance and i'm going to name this instance

instance linux instance i'm not going to give it

linux instance i'm not going to give it any labels under region i'm going to

any labels under region i'm going to select the us east one region and the

select the us east one region and the zone i'm going to leave it as its set

zone i'm going to leave it as its set default as us east 1b the machine

default as us east 1b the machine configuration i'm going to leave it as

configuration i'm going to leave it as is under boot disk i'm going to leave

is under boot disk i'm going to leave this as is with the debian distribution

this as is with the debian distribution and i'm going to go ahead and click on

and i'm going to go ahead and click on create

okay and our linux instance has been created and in order for me to connect

created and in order for me to connect to it

to it i am going to ssh into it but first i

i am going to ssh into it but first i need to satisfy the constraint of having

need to satisfy the constraint of having a firewall rule with tcp port 22 open so

a firewall rule with tcp port 22 open so i'm going to head on over to the

i'm going to head on over to the navigation menu

navigation menu and i'm going to scroll down to vpc

and i'm going to scroll down to vpc network i'm going to head on over to

network i'm going to head on over to firewall and as expected the allow ssh

firewall and as expected the allow ssh firewall rule has been created alongside

firewall rule has been created alongside the default vpc network and so since

the default vpc network and so since i've satisfied that constraint i can

i've satisfied that constraint i can head back on over to compute engine and

head back on over to compute engine and so here i have a few different options

so here i have a few different options that i can select from for logging into

that i can select from for logging into my linux instance i can open in a

my linux instance i can open in a browser window if i decided i wanted to

browser window if i decided i wanted to put it on a custom port i can use this

put it on a custom port i can use this option here if i provided a private ssh

option here if i provided a private ssh key to connect to this linux instance i

key to connect to this linux instance i can use this option here i have the

can use this option here i have the option of viewing the gcloud command in

option of viewing the gcloud command in order to connect to it

order to connect to it and i've been presented with a pop-up

and i've been presented with a pop-up with the command to use within the

with the command to use within the gcloud command line in order to connect

gcloud command line in order to connect to my instance i can run it now in cloud

to my instance i can run it now in cloud shell but i'm going to simply close it

shell but i'm going to simply close it and so whether you are on a mac a

and so whether you are on a mac a windows machine or a linux machine you

windows machine or a linux machine you can simply click on ssh and it will open

can simply click on ssh and it will open a new browser window connecting you to

a new browser window connecting you to your instance

now when you connect to your linux instance for the first time

instance for the first time compute engine generates an ssh key pair

compute engine generates an ssh key pair for you this key pair by default is

for you this key pair by default is added to your project or instance

added to your project or instance metadata and this will give you the

metadata and this will give you the freedom of not having to worry about

freedom of not having to worry about managing keys now if your account is

managing keys now if your account is configured to use os login compute

configured to use os login compute engine stores the generated key pair

engine stores the generated key pair with your user account

with your user account now when connecting to your linux

now when connecting to your linux instance in most scenarios google

instance in most scenarios google recommends using os login this feature

recommends using os login this feature lets you use iam roles to manage ssh

lets you use iam roles to manage ssh access to linux instances and this

access to linux instances and this relieves the complexity of having to

relieves the complexity of having to manage multiple key pairs and is the

manage multiple key pairs and is the recommended way to manage many users

recommended way to manage many users across multiple instances or projects

across multiple instances or projects and so i'm going to go ahead now and

and so i'm going to go ahead now and show you how to configure os login for

show you how to configure os login for your linux instance and the way to do

your linux instance and the way to do this will be very similar on all

this will be very similar on all platforms so i'm going to go ahead and

platforms so i'm going to go ahead and go back to my mac vm and i'm going to

go back to my mac vm and i'm going to open up my terminal

open up my terminal make this bigger for better viewing

make this bigger for better viewing and i'm going to start by running the

and i'm going to start by running the gcloud init command in order to make

gcloud init command in order to make sure i'm using the right user and for

sure i'm using the right user and for the sake of this demonstration i'm going

the sake of this demonstration i'm going to re-initialize this configuration so

to re-initialize this configuration so i'm going to click on one hit enter

i'm going to click on one hit enter number two for tony bowtie ace and i'm

number two for tony bowtie ace and i'm going to use project bow tie ink so 1

going to use project bow tie ink so 1 and i'm not going to configure a default

and i'm not going to configure a default compute region in zone and so if i run

compute region in zone and so if i run the gcloud config list command i can see

the gcloud config list command i can see that the account that i'm using is tony

that the account that i'm using is tony bowties gmail.com in project bowtie inc

bowties gmail.com in project bowtie inc and so because os login requires a key

and so because os login requires a key pair i'm going to have to generate that

pair i'm going to have to generate that myself so i'm going to go ahead and

myself so i'm going to go ahead and clear the screen and i'm going to use

clear the screen and i'm going to use the command ssh keygen and this is the

the command ssh keygen and this is the command to create a public and private

command to create a public and private key pair i'm going to use the default

key pair i'm going to use the default path to save my key and i'm going to

path to save my key and i'm going to enter a passphrase

enter a passphrase i'm going to enter it again and i

i'm going to enter it again and i recommend that you write down your

recommend that you write down your passphrase so that you don't forget it

passphrase so that you don't forget it as when you lose it you will be unable

as when you lose it you will be unable to use your key pair and so if i change

to use your key pair and so if i change directory to dot ssh and do an ls for

directory to dot ssh and do an ls for list i can see that i now have my public

list i can see that i now have my public and private key pair the private key

and private key pair the private key lying in id underscore rsa and the

lying in id underscore rsa and the public key lying in id underscore

public key lying in id underscore rsa.pub and so another constraint that i

rsa.pub and so another constraint that i have is i need to enable os login for my

have is i need to enable os login for my linux instance so i'm going to go ahead

linux instance so i'm going to go ahead and go back to the console and i'm going

and go back to the console and i'm going to go ahead and go into my linux

to go ahead and go into my linux instance

instance i'm going to click on edit and if you

i'm going to click on edit and if you scroll down you will come to some fields

scroll down you will come to some fields marked as custom metadata and under key

marked as custom metadata and under key you will type in enable dash os login

you will type in enable dash os login and under value you will type in all

and under value you will type in all caps true now i wanted to take a moment

caps true now i wanted to take a moment here to discuss this feature here under

here to discuss this feature here under ssh keys for block project wide ssh keys

ssh keys for block project wide ssh keys now project wide public ssh keys are

now project wide public ssh keys are meant to give users access to all of the

meant to give users access to all of the linux instances in a project that allow

linux instances in a project that allow project project-wide public ssh keys so

project project-wide public ssh keys so if an instance blocks project-wide

if an instance blocks project-wide public ssh keys as you see here

public ssh keys as you see here a user can't use their project-wide

a user can't use their project-wide public ssh key to connect to the

public ssh key to connect to the instance

instance unless the same public ssh key is also

unless the same public ssh key is also added to the instance metadata this

added to the instance metadata this allows only users whose public ssh key

allows only users whose public ssh key is stored in instance level metadata to

is stored in instance level metadata to access the instance

access the instance and so this is an important feature to

and so this is an important feature to note for the exam and so we're going to

note for the exam and so we're going to leave this feature checked off for now

leave this feature checked off for now and then you can go to the bottom and

and then you can go to the bottom and click on save now if i wanted to enable

click on save now if i wanted to enable os login for all instances in my project

os login for all instances in my project i can simply go over to the menu on the

i can simply go over to the menu on the left and click on metadata and add the

left and click on metadata and add the metadata here with the same values so

metadata here with the same values so under key i type in enable dash os login

under key i type in enable dash os login and under value i type in in all caps

and under value i type in in all caps true but i don't want to enable it for

true but i don't want to enable it for all my instances

all my instances only for that one specific instance so

only for that one specific instance so with regards to project-wide public keys

with regards to project-wide public keys these keys can be managed through

these keys can be managed through metadata and should only be used as a

metadata and should only be used as a last resort if you cannot use the other

last resort if you cannot use the other tools such as ssh from the console or os

tools such as ssh from the console or os login these are where the keys are

stored and so you can always find them here when looking for them here as you

here when looking for them here as you can see there are a couple of keys for

can see there are a couple of keys for tony bowtie ace that i have used for

tony bowtie ace that i have used for previous instances and so i'm going to

previous instances and so i'm going to go back to metadata just to make sure

go back to metadata just to make sure that my key value pair for os login has

that my key value pair for os login has not been saved and it is not and i'm

not been saved and it is not and i'm going to head back on over to my

going to head back on over to my instances and so now that my constraint

instances and so now that my constraint has been fulfilled where i've enabled

has been fulfilled where i've enabled the os login feature by adding the

the os login feature by adding the unnecessary metadata i'm going to head

unnecessary metadata i'm going to head on over back to my mac vm

on over back to my mac vm i'm going to go ahead and clear the

i'm going to go ahead and clear the screen so now i'm going to go ahead and

screen so now i'm going to go ahead and log into my instance using os login by

log into my instance using os login by using the command gcloud compute os dash

using the command gcloud compute os dash login ssh dash keys add and then the

flag key dash file and then the path for my public key which is dot ssh forward

my public key which is dot ssh forward slash id underscore rsa.pub i'm gonna

slash id underscore rsa.pub i'm gonna hit enter

hit enter and so my key has been successfully

and so my key has been successfully stored with my user account i'm gonna go

stored with my user account i'm gonna go ahead and make this a little bigger for

ahead and make this a little bigger for better viewing and so in order to log

better viewing and so in order to log into my instance i'm going to need my

into my instance i'm going to need my username which is right up here under

username which is right up here under username i'm going to copy that and i'm

username i'm going to copy that and i'm just going to clear my screen for a

just going to clear my screen for a second here for better viewing and so in

second here for better viewing and so in order for me to ssh into my instance i'm

order for me to ssh into my instance i'm going to type in the command ssh minus i

going to type in the command ssh minus i i'm going to have to provide my private

i'm going to have to provide my private key which is in dot ssh forward slash id

key which is in dot ssh forward slash id underscore rsa and then my username that

underscore rsa and then my username that i had recorded earlier at and then i'm

i had recorded earlier at and then i'm going to need my public ip address of my

going to need my public ip address of my linux instance so i'm going to head back

linux instance so i'm going to head back over to the console for just a sec

over to the console for just a sec i'm going to copy the ip address head

i'm going to copy the ip address head back over to my mac vm paste it in and

back over to my mac vm paste it in and hit enter it's asking if i want to

hit enter it's asking if i want to continue yes i do

continue yes i do enter the passphrase for my key

enter the passphrase for my key and success i am connected and so there

and success i am connected and so there is one caveat that i wanted to show you

is one caveat that i wanted to show you with regards to permissions for os login

with regards to permissions for os login so i'm going to head back over to the

so i'm going to head back over to the console and i'm going to go up to the

console and i'm going to go up to the navigation menu and head over to i am an

navigation menu and head over to i am an admin now as you can see here tony

admin now as you can see here tony bowties gmail.com has the role of owner

bowties gmail.com has the role of owner and therefore i don't need any granular

and therefore i don't need any granular specific permissions i have the access

specific permissions i have the access to do absolutely anything now in case i

to do absolutely anything now in case i was a different user and i didn't hold

was a different user and i didn't hold the role of owner i would be looking for

the role of owner i would be looking for specific permissions

specific permissions that would be under compute

that would be under compute os login and this would give me

os login and this would give me permissions as a standard user now if i

permissions as a standard user now if i wanted super user access or root access

wanted super user access or root access i would need to be given the compute os

i would need to be given the compute os admin login role and as you can see it

admin login role and as you can see it would allow me administrator user

would allow me administrator user privileges so when using os login and

privileges so when using os login and the member is not an owner one of these

the member is not an owner one of these two roles are needed so i'm going to

two roles are needed so i'm going to exit out of here i'm going to hit cancel

exit out of here i'm going to hit cancel and so that about covers everything that

and so that about covers everything that i wanted to show you with regards to all

i wanted to show you with regards to all the different methods that you can use

the different methods that you can use for connecting to vm instances for both

for connecting to vm instances for both windows and linux instances now i know

windows and linux instances now i know this may have been a refresher for some

this may have been a refresher for some but for others

but for others knowing all the different methods of

knowing all the different methods of connecting to instances can come in very

connecting to instances can come in very useful especially when coordinating many

useful especially when coordinating many instances in bigger environments i want

instances in bigger environments i want to congratulate you on making it to the

to congratulate you on making it to the end of this demo and gaining a bit more

end of this demo and gaining a bit more knowledge on this crucial part of

knowledge on this crucial part of managing your instances so before you go

managing your instances so before you go be sure to delete any resources that

be sure to delete any resources that you've created and again congrats on the

you've created and again congrats on the great job so you can now mark this as

great job so you can now mark this as complete and i'll see you in the next

complete and i'll see you in the next one

welcome back in this demonstration i'll be discussing metadata and how it can

be discussing metadata and how it can pertain to a project as well as an

pertain to a project as well as an instance as well i'm going to touch on

instance as well i'm going to touch on startup and shutdown scripts and it's

startup and shutdown scripts and it's real world use cases in the last lesson

real world use cases in the last lesson we touched the tip of the iceberg when

we touched the tip of the iceberg when it came to metadata and wanted to go a

it came to metadata and wanted to go a bit deeper on this topic as i personally

bit deeper on this topic as i personally feel that it holds so much value

feel that it holds so much value and give you some ideas on how you can

and give you some ideas on how you can use it i'm also going to combine the

use it i'm also going to combine the metadata using variables in a startup

metadata using variables in a startup script and i'm going to bring to life

script and i'm going to bring to life something that's dynamic in nature so

something that's dynamic in nature so with that being said let's dive in so i

with that being said let's dive in so i am currently logged in as tony at bowtie

am currently logged in as tony at bowtie ace gmail.com

ace gmail.com under the project of bow tie inc and so

under the project of bow tie inc and so in order to get right into the metadata

in order to get right into the metadata i'm going to head on over to my

i'm going to head on over to my navigation menu and go straight to

navigation menu and go straight to compute engine and over here on the left

compute engine and over here on the left hand menu you will see metadata and you

hand menu you will see metadata and you can drill down into there now as i

can drill down into there now as i explained in a previous lesson

explained in a previous lesson metadata can be assigned to both

metadata can be assigned to both projects and instances while instance

projects and instances while instance metadata

metadata only impacts a specific instance so here

only impacts a specific instance so here i can add and store metadata which will

i can add and store metadata which will be used on a project-wide basis as well

be used on a project-wide basis as well as mentioned earlier metadata is stored

as mentioned earlier metadata is stored in key value pairs and can be added at

in key value pairs and can be added at any time now this is a way to add custom

any time now this is a way to add custom metadata but there is a default set of

metadata but there is a default set of metadata entries that every instance has

metadata entries that every instance has access to and again this applies for

access to and again this applies for both project and instance metadata so

both project and instance metadata so here i have the option of setting my

here i have the option of setting my custom metadata for the entire project

custom metadata for the entire project and so i'm going to dive into where to

and so i'm going to dive into where to store custom metadata on an instance and

store custom metadata on an instance and so in order for me to show you this i'm

so in order for me to show you this i'm going to first head over to vm instances

going to first head over to vm instances and create my instance and so just as a

and create my instance and so just as a note before creating your instance make

note before creating your instance make sure that you have the default vpc

sure that you have the default vpc created and so because i like to double

created and so because i like to double check things i'm going to head over to

check things i'm going to head over to the navigation menu i'm going to scroll

the navigation menu i'm going to scroll down to vpc network and as expected i

down to vpc network and as expected i have the default vpc already created and

have the default vpc already created and so this means i can go ahead and create

so this means i can go ahead and create my instance so i'm going to head back on

my instance so i'm going to head back on over to compute engine

over to compute engine and i'm going to create my instance and

and i'm going to create my instance and i'm going to name this instance

i'm going to name this instance bowtie dash web server i'm not going to

bowtie dash web server i'm not going to add any labels and under the region i'm

add any labels and under the region i'm going to select us east one and you can

going to select us east one and you can keep the zone as the default as us east

keep the zone as the default as us east 1b under machine type i want to keep

1b under machine type i want to keep things cost effective so i'm going to

things cost effective so i'm going to select the e2 micro i'm going to scroll

select the e2 micro i'm going to scroll down and under identity and api access i

down and under identity and api access i want to set access for each api

want to set access for each api and scroll down to compute engine i want

and scroll down to compute engine i want to select it and i want to select on

to select it and i want to select on read write and i'm going to leave the

read write and i'm going to leave the rest as is and scrolling down to the

rest as is and scrolling down to the bottom i want to click on management

bottom i want to click on management security disks networking and sold

security disks networking and sold tenancy

tenancy and under here you will find the option

and under here you will find the option to add any custom metadata and you can

to add any custom metadata and you can provide it right here under metadata as

provide it right here under metadata as a key value pair but we're not going to

a key value pair but we're not going to add any metadata right now so i'm just

add any metadata right now so i'm just going to scroll down to the bottom i'm

going to scroll down to the bottom i'm going to leave everything else as is and

going to leave everything else as is and simply click on create

simply click on create and it should take a few moments for my

and it should take a few moments for my instance to be created okay and now that

instance to be created okay and now that my instance is up i want to go ahead and

my instance is up i want to go ahead and start querying the metadata now just as

start querying the metadata now just as a note metadata must be queried from the

a note metadata must be queried from the instance itself and can't be done from

instance itself and can't be done from another instance or even from the cloud

another instance or even from the cloud sdk on your computer so i'm going to go

sdk on your computer so i'm going to go ahead and log into the instance using

ahead and log into the instance using ssh

okay and now that i'm logged into my instance i want to start querying the

instance i want to start querying the metadata now normally you would use

metadata now normally you would use tools like wget or curl to make these

tools like wget or curl to make these queries

queries in this demo i will use curl and for

in this demo i will use curl and for those who don't know curl is a command

those who don't know curl is a command line tool to transfer data to or from a

line tool to transfer data to or from a server using supported protocols like

server using supported protocols like http ftp scp and many more this tool is

http ftp scp and many more this tool is fantastic for automation since it's

fantastic for automation since it's designed to work without any user

designed to work without any user interaction and so i'm going to paste in

interaction and so i'm going to paste in the url that i am going to use to query

the url that i am going to use to query the instance metadata and this is the

the instance metadata and this is the default url that you would use to query

default url that you would use to query any metadata on any instance getting a

any metadata on any instance getting a little deeper into it a trailing slash

little deeper into it a trailing slash shown here shows that the instance value

shown here shows that the instance value is actually a directory and will have

is actually a directory and will have other values that append to this url

other values that append to this url whether they are other directories or

whether they are other directories or just endpoint values now when you query

just endpoint values now when you query for metadata you must provide the

for metadata you must provide the following header in all of your requests

following header in all of your requests metadata dash flavor colon google and

metadata dash flavor colon google and should be put in quotations if you don't

should be put in quotations if you don't provide this header the metadata server

provide this header the metadata server will deny your request so i'm going to

will deny your request so i'm going to go ahead and hit enter and as you can

go ahead and hit enter and as you can see i've been brought up a lot of

see i've been brought up a lot of different values that i can choose from

different values that i can choose from in order to retrieve different types of

in order to retrieve different types of metadata and as stated before anything

metadata and as stated before anything with a trailing slash is actually a

with a trailing slash is actually a directory and will have other values

directory and will have other values underneath it so if i wanted to query

underneath it so if i wanted to query the network interfaces

the network interfaces and because it's a directory i need to

and because it's a directory i need to make sure that i add the trailing slash

make sure that i add the trailing slash at the end and as you can see here i

at the end and as you can see here i have the network interface of 0 and i'm

have the network interface of 0 and i'm going to go ahead and query that

going to go ahead and query that and here i will have access to all the

and here i will have access to all the information about the network interface

information about the network interface on this instance so i'm going to go

on this instance so i'm going to go ahead and query the network on this

ahead and query the network on this interface and as expected the default

interface and as expected the default network is displayed i'm going to

network is displayed i'm going to quickly go ahead and clear my screen and

quickly go ahead and clear my screen and i'm going to go ahead and query some

i'm going to go ahead and query some more metadata this time i'm going to do

more metadata this time i'm going to do the name of the server and as expected

the name of the server and as expected bowtie dash web server showed up and

bowtie dash web server showed up and because it's an endpoint i don't need

because it's an endpoint i don't need the trailing slash at the end i'm going

the trailing slash at the end i'm going to go ahead and do one more this time

to go ahead and do one more this time i'm going to choose machine type

i'm going to choose machine type and again as expected the e2 micro

and again as expected the e2 micro machine type is displayed and so just as

machine type is displayed and so just as a note for those who haven't noticed any

a note for those who haven't noticed any time that you query metadata it will

time that you query metadata it will show up to the left of your command

show up to the left of your command prompt now what i've shown you here is

prompt now what i've shown you here is what you can do with instance metadata

what you can do with instance metadata and so how about if you wanted to query

and so how about if you wanted to query any project metadata well instead of

any project metadata well instead of instance at the end you would use

instance at the end you would use project with the trailing slash i'm

project with the trailing slash i'm going to simply click on enter and as

going to simply click on enter and as you can see here project doesn't give me

you can see here project doesn't give me a whole lot of options but it does give

a whole lot of options but it does give me some important values like project id

me some important values like project id so i'm going to simply query that right

so i'm going to simply query that right now and as expected bowtie inc is

now and as expected bowtie inc is displayed and so this is a great example

displayed and so this is a great example of how to query any default metadata for

of how to query any default metadata for instances and for projects now you're

instances and for projects now you're probably wondering how do i query my

probably wondering how do i query my custom metadata well once custom

custom metadata well once custom metadata has been set you can then query

metadata has been set you can then query it from the attributes directory in the

it from the attributes directory in the attributes directory can be found in

attributes directory can be found in both the instance and project metadata

both the instance and project metadata so i'm going to go ahead and show you

so i'm going to go ahead and show you that now but first i wanted to add some

that now but first i wanted to add some custom metadata and this can be set in

custom metadata and this can be set in either the console the gcloud command

either the console the gcloud command line tool or using the api and so i'm

line tool or using the api and so i'm going to run the command here gcloud

going to run the command here gcloud compute instances add dash metadata the

compute instances add dash metadata the name of your instance and when you're

name of your instance and when you're adding custom metadata you would add the

adding custom metadata you would add the flag dash dash metadata with the key

flag dash dash metadata with the key value pair which in this example is

value pair which in this example is environment equals dev and then i'm also

environment equals dev and then i'm also going to add the zone of the instance

going to add the zone of the instance which is us east 1a and i'm going to hit

which is us east 1a and i'm going to hit enter

enter and because i had a typo there i'm going

and because i had a typo there i'm going to go ahead and try that again using us

to go ahead and try that again using us east 1b

east 1b i'm going to hit on enter

i'm going to hit on enter and success and so to verify that this

and success and so to verify that this command has worked

command has worked i'm going to go ahead and query the

i'm going to go ahead and query the instance and i'm going to go under

instance and i'm going to go under attributes

attributes i'm going to hit on enter and as you can

i'm going to hit on enter and as you can see here the environment endpoint has

see here the environment endpoint has been populated so i'm going to query

been populated so i'm going to query that and as expected dev is displaying

that and as expected dev is displaying as the environment value now if i wanted

as the environment value now if i wanted to double check that in the console i

to double check that in the console i can go over to the console i can drill

can go over to the console i can drill down into bowtie web server

down into bowtie web server and if i scroll down to the bottom under

and if i scroll down to the bottom under custom metadata you can see the key

custom metadata you can see the key value pair here has m as the key and dev

value pair here has m as the key and dev being the value and so these are the

being the value and so these are the many different ways that you can query

many different ways that you can query metadata for any instances or projects

metadata for any instances or projects now i wanted to take a quick moment to

now i wanted to take a quick moment to switch gears and talk about startup and

switch gears and talk about startup and shutdown scripts now compute engine lets

shutdown scripts now compute engine lets you create and run your own startup and

you create and run your own startup and shutdown scripts on your vm instance and

shutdown scripts on your vm instance and this allows you to perform automation

this allows you to perform automation that can perform actions when starting

that can perform actions when starting up such as installing software

up such as installing software performing updates or any other tasks

performing updates or any other tasks that are defined in the script and when

that are defined in the script and when shutting down you can allow instances

shutting down you can allow instances time to clean up on perform tasks such

time to clean up on perform tasks such as exporting logs to cloud storage or

as exporting logs to cloud storage or bigquery or syncing with other systems

bigquery or syncing with other systems and so i wanted to go ahead and show you

and so i wanted to go ahead and show you how this would work while combining

how this would work while combining metadata into the script so i'm going to

metadata into the script so i'm going to go ahead and drill down into bow tie web

go ahead and drill down into bow tie web server

server i'm going to click on edit and i'm going

i'm going to click on edit and i'm going to scroll down here

to scroll down here to custom metadata i'm going to click on

to custom metadata i'm going to click on add item and under key i'm going to type

add item and under key i'm going to type in

in startup dash script and under value i'm

startup dash script and under value i'm going to paste in my script i'm going to

going to paste in my script i'm going to just enlarge this here for a second and

just enlarge this here for a second and i will be providing the script in the

i will be providing the script in the github repository now just to break it

github repository now just to break it down this is a bash script i'm pulling

down this is a bash script i'm pulling in a variable called name which will

in a variable called name which will query the instance name as well i have a

query the instance name as well i have a variable called zone which will query

variable called zone which will query the instance zone i'm going to be

the instance zone i'm going to be installing an apache web server and it's

installing an apache web server and it's going to display on a web browser both

going to display on a web browser both the server name and the zone that it's

the server name and the zone that it's in and so in order for me to see this

in and so in order for me to see this web page i also need to open up some

web page i also need to open up some firewall rules and so an easy way to do

firewall rules and so an easy way to do this would be to scroll up to firewalls

this would be to scroll up to firewalls and simply click on allow http and allow

and simply click on allow http and allow https traffic this will tag the instance

https traffic this will tag the instance with some network tags as http server

with some network tags as http server and https server and create two separate

and https server and create two separate firewall rules that will allow traffic

firewall rules that will allow traffic for port 80 and port 443 so i'm going to

for port 80 and port 443 so i'm going to leave everything else as is i'm going to

leave everything else as is i'm going to scroll down to the bottom and click on

scroll down to the bottom and click on save okay and it took a few seconds

save okay and it took a few seconds there but it did finish saving i'm going

there but it did finish saving i'm going to go ahead and go up to the top and

to go ahead and go up to the top and click on reset and this will perform a

click on reset and this will perform a hard reset on the instance and will

hard reset on the instance and will allow the startup script to take effect

allow the startup script to take effect so i'm going to click on reset it's

so i'm going to click on reset it's going to ask me if i really want to do

going to ask me if i really want to do this and for the purposes of this

this and for the purposes of this demonstration i'm going to click on

demonstration i'm going to click on reset please note you should never do

reset please note you should never do this in production as it doesn't do a

this in production as it doesn't do a clean shutdown on the operating system

clean shutdown on the operating system but as this is an instance with nothing

but as this is an instance with nothing on it i'm going to simply click on reset

on it i'm going to simply click on reset now i'm going to head on back to the

now i'm going to head on back to the main console for my vm instances and i'm

main console for my vm instances and i'm going to record my external ip i'm going

going to record my external ip i'm going to open up a new browser i'm going to

to open up a new browser i'm going to zoom in for better viewing and i'm going

zoom in for better viewing and i'm going to paste in my ip address and hit enter

to paste in my ip address and hit enter and as you can see here

and as you can see here i've used my startup script to display

i've used my startup script to display not only this web page but i was able to

not only this web page but i was able to bring in metadata that i pulled using

bring in metadata that i pulled using variables and was able to display it

variables and was able to display it here in the browser and so before i end

here in the browser and so before i end this demonstration i wanted to show you

this demonstration i wanted to show you another way of using a startup script

another way of using a startup script but being able to pull it in from cloud

but being able to pull it in from cloud storage so i'm going to go back to the

storage so i'm going to go back to the navigation menu and i'm going to scroll

navigation menu and i'm going to scroll down to storage

down to storage here i will create a new bucket

here i will create a new bucket and for now find a globally unique name

and for now find a globally unique name to name your bucket and i'm going to

to name your bucket and i'm going to call my bucket bowtie web server site

call my bucket bowtie web server site and i'm going to leave the rest as its

and i'm going to leave the rest as its default and i'm going to simply click on

default and i'm going to simply click on create

create and if you have a globally unique name

and if you have a globally unique name for your bucket you will be prompted

for your bucket you will be prompted with this page without any errors and

with this page without any errors and i'm going to go ahead and upload the

i'm going to go ahead and upload the script

script and you can find this script in the

and you can find this script in the github repository so i'm going to go

github repository so i'm going to go into my repo and i'm going to look for

into my repo and i'm going to look for bow tie start up final sh i'm going to

bow tie start up final sh i'm going to open it

open it and now that i have the script uploaded

and now that i have the script uploaded i'm going to drill into this file so i

i'm going to drill into this file so i can get some more information that i

can get some more information that i need for the instance and what i need

need for the instance and what i need from here is to copy the uri so i'm

from here is to copy the uri so i'm going to copy this to my clipboard and

going to copy this to my clipboard and i'm going to head back on over to

i'm going to head back on over to compute engine i'm going to drill down

compute engine i'm going to drill down into my instance

into my instance i'm going to click on edit at the top

i'm going to click on edit at the top and i'm going to scroll down to where it

and i'm going to scroll down to where it says custom metadata and here i'm going

says custom metadata and here i'm going to remove the startup script metadata

to remove the startup script metadata and i'm going to add a new item and i'm

and i'm going to add a new item and i'm going to be adding startup dash script

going to be adding startup dash script dash url and in the value i'm going to

dash url and in the value i'm going to paste in the uri that i had just copied

paste in the uri that i had just copied over and this way on startup my instance

over and this way on startup my instance will use this startup script that's in

will use this startup script that's in cloud storage so i'm going to scroll

cloud storage so i'm going to scroll down to the bottom click on save

down to the bottom click on save and now i'm going to click on reset i'm

and now i'm going to click on reset i'm going to reset here i'm going to go back

going to reset here i'm going to go back to the main page for my vm instances and

to the main page for my vm instances and i can see that my external ip hasn't

i can see that my external ip hasn't changed so i'm going to go back to my

changed so i'm going to go back to my open web browser and i'm going to click

open web browser and i'm going to click on refresh and success and as you can

on refresh and success and as you can see here i've taken a whole bunch of

see here i've taken a whole bunch of different variables including the

different variables including the machine name

machine name the environment variable the zone as

the environment variable the zone as well as the project and i've displayed

well as the project and i've displayed it here in a simple website and although

it here in a simple website and although you may not find this website

you may not find this website specifically useful in your production

specifically useful in your production environment this is just an idea to get

environment this is just an idea to get creative using default and custom

creative using default and custom metadata along with a startup script

metadata along with a startup script i've seen in some environments where

i've seen in some environments where people have multiple web servers and

people have multiple web servers and create a web page to display all the

create a web page to display all the specific web servers in their different

specific web servers in their different environments along with their ips their

environments along with their ips their data and their configurations and so

data and their configurations and so just as a recap we've gone through the

just as a recap we've gone through the default and custom metadata and how to

default and custom metadata and how to query it in an instance we also went

query it in an instance we also went through startup scripts and how to apply

through startup scripts and how to apply them both locally and using cloud

them both locally and using cloud storage and so i hope you have enjoyed

storage and so i hope you have enjoyed having fun with metadata and using them

having fun with metadata and using them in startup scripts such as this one i

in startup scripts such as this one i also hope you find some fascinating use

also hope you find some fascinating use cases in your current environments and

cases in your current environments and so before you go just a quick reminder

so before you go just a quick reminder to delete any resources that you've

to delete any resources that you've created to not incur any added costs and

created to not incur any added costs and so that's pretty much all i wanted to

so that's pretty much all i wanted to cover with this demonstration so you can

cover with this demonstration so you can now mark this as complete and let's move

now mark this as complete and let's move on to the next one

on to the next one [Music]

[Music] welcome back and in this lesson i'm

welcome back and in this lesson i'm going to be discussing compute engine

going to be discussing compute engine billing now when it comes to pricing

billing now when it comes to pricing with regards to compute engine i've only

with regards to compute engine i've only gone over the fact that instances are

gone over the fact that instances are charged by the second after the first

charged by the second after the first minute but i never got into the depths

minute but i never got into the depths of billing and the various ways to save

of billing and the various ways to save money when using compute engine in this

money when using compute engine in this lesson i will be unveiling how both

lesson i will be unveiling how both costs and discounts are broken down in

costs and discounts are broken down in google cloud as it refers to the

google cloud as it refers to the resource based billing model and the

resource based billing model and the various savings that can be had when

various savings that can be had when using compute engine so with that being

using compute engine so with that being said let's dive in

said let's dive in now each vcpu and each gigabyte of

now each vcpu and each gigabyte of memory on compute engine is built

memory on compute engine is built separately rather than as part of a

separately rather than as part of a single machine type you are still

single machine type you are still creating instances using pre-defined

creating instances using pre-defined machine types but your bill shows them

machine types but your bill shows them as individual cpus and memory used per

as individual cpus and memory used per hour and this is what google refers to

hour and this is what google refers to as resource-based billing which i will

as resource-based billing which i will get into in just a bit the billing model

get into in just a bit the billing model applies to all vcpus gpus and memory

applies to all vcpus gpus and memory resources and are charged a minimum of

resources and are charged a minimum of one minute for example if you run your

one minute for example if you run your virtual machine for 30 seconds you will

virtual machine for 30 seconds you will be billed for one minute of usage after

be billed for one minute of usage after one minute instances are charged in one

one minute instances are charged in one second increments instance up time is

second increments instance up time is another determining factor for cost and

another determining factor for cost and is measured as the number of seconds

is measured as the number of seconds between when you start an instance and

between when you start an instance and when you stop an instance in other words

when you stop an instance in other words when your instance is in the terminated

when your instance is in the terminated state if an instance is idle but still

state if an instance is idle but still has a state of running it will be

has a state of running it will be charged for instance uptime but again

charged for instance uptime but again you will not be charged if your instance

you will not be charged if your instance is in a terminated state

is in a terminated state now getting into reservations these are

now getting into reservations these are designed to reserve the vm instances you

designed to reserve the vm instances you need so after you create a reservation

need so after you create a reservation the reservation ensures that those

the reservation ensures that those resources are always available for you

resources are always available for you to use during the creation process you

to use during the creation process you can choose how a reservation is to be

can choose how a reservation is to be used for example you can choose for a

used for example you can choose for a reservation to be automatically applied

reservation to be automatically applied to any new or existing instances that

to any new or existing instances that match the reservation's properties which

match the reservation's properties which is the default behavior or you can

is the default behavior or you can specify that reservation to be consumed

specify that reservation to be consumed by a specific instance in all cases a vm

by a specific instance in all cases a vm instance can only use a reservation if

instance can only use a reservation if its properties exactly match the

its properties exactly match the properties of the reservation after you

properties of the reservation after you create a reservation you begin paying

create a reservation you begin paying for the reserved resources immediately

for the reserved resources immediately and they remain available for your

and they remain available for your project to use indefinitely until the

project to use indefinitely until the reservation is deleted reservations are

reservation is deleted reservations are great to ensure that your project has

great to ensure that your project has resources for future increases in demand

resources for future increases in demand including planned or unplanned spikes

including planned or unplanned spikes backup and disaster recovery or for a

backup and disaster recovery or for a buffer when you're planning growth when

buffer when you're planning growth when you no longer need a reservation you can

you no longer need a reservation you can simply delete the reservation to stop

simply delete the reservation to stop incurring charges each reservation like

incurring charges each reservation like normal vms are charged based on existing

normal vms are charged based on existing on-demand rates which include sustained

on-demand rates which include sustained use discounts and are eligible for

use discounts and are eligible for committed use discounts which i will be

committed use discounts which i will be getting into in just a bit now

getting into in just a bit now purchasing reservations do come with

purchasing reservations do come with some caveats

some caveats reservations apply only to compute

reservations apply only to compute engine data proc

engine data proc and google kubernetes engine as well

and google kubernetes engine as well reservations don't apply to shared core

reservations don't apply to shared core machine types preemptable vms sole

machine types preemptable vms sole tenant nodes

tenant nodes cloud sql and data flow now as i

cloud sql and data flow now as i explained before each vcpu and each

explained before each vcpu and each gigabyte of memory on compute engine is

gigabyte of memory on compute engine is built separately rather than as a part

built separately rather than as a part of a single machine type and is billed

of a single machine type and is billed as individual cpus and memory used per

as individual cpus and memory used per hour resource-based pricing allows

hour resource-based pricing allows compute engine to apply sustained use

compute engine to apply sustained use discounts

discounts to all of your pre-defined machine type

to all of your pre-defined machine type usage in a region collectively

usage in a region collectively rather than to individual machine types

rather than to individual machine types and this way vcpu and memory usage for

and this way vcpu and memory usage for each machine type can receive any one of

each machine type can receive any one of the following discounts sustained use

the following discounts sustained use discounts committed use discounts and

discounts committed use discounts and preemptable vms and i'd like to take a

preemptable vms and i'd like to take a moment to dive into a bit of detail on

moment to dive into a bit of detail on each of these discount types starting

each of these discount types starting with sustained use discounts

with sustained use discounts now sustained use discounts are

now sustained use discounts are automatic discounts for running specific

automatic discounts for running specific compute engine resources a significant

compute engine resources a significant portion of the billing month for example

portion of the billing month for example when you run one of these resources for

when you run one of these resources for more than 25 percent of a month compute

more than 25 percent of a month compute engine automatically gives you a

engine automatically gives you a discount for every incremental minute

discount for every incremental minute that you use for that instance now the

that you use for that instance now the following tables show the discounts

following tables show the discounts applied for the specific resources

applied for the specific resources described here now for the table on the

described here now for the table on the left for general purpose n2 and n2d

left for general purpose n2 and n2d predefined and custom machine types and

predefined and custom machine types and for compute optimized machine types you

for compute optimized machine types you can receive a discount of up to 20

can receive a discount of up to 20 percent the table on the right shows

percent the table on the right shows that for general purpose n1 predefined

that for general purpose n1 predefined and custom machine types as well as sole

and custom machine types as well as sole tenant nodes and gpus you can get a

tenant nodes and gpus you can get a discount of up to 30 percent sustained

discount of up to 30 percent sustained use discounts are applied automatically

use discounts are applied automatically to usage within a project separately for

to usage within a project separately for each region so there is no action

each region so there is no action required on your part to enable these

required on your part to enable these discounts now some notes that i wanted

discounts now some notes that i wanted to cover here is that sustained use

to cover here is that sustained use discounts automatically apply to vms

discounts automatically apply to vms created by both google kubernetes engine

created by both google kubernetes engine and compute engine as well they do not

and compute engine as well they do not apply to vms created using the app

apply to vms created using the app engine flexible environment as well as

engine flexible environment as well as data flow and the e-2 machine types

data flow and the e-2 machine types sustained use discounts are applied on

sustained use discounts are applied on incremental use after you reach certain

incremental use after you reach certain usage thresholds this means that you pay

usage thresholds this means that you pay only for the number of minutes that you

only for the number of minutes that you use an instance and compute engine

use an instance and compute engine automatically gives you the best price

automatically gives you the best price google truly believes that there's no

google truly believes that there's no reason to run an instance for longer

reason to run an instance for longer than you need it

than you need it now sustained use discounts are applied

now sustained use discounts are applied on incremental use after you reach

on incremental use after you reach certain usage thresholds this means that

certain usage thresholds this means that you pay only for the number of minutes

you pay only for the number of minutes that you use an instance and compute

that you use an instance and compute engine automatically gives you the best

engine automatically gives you the best price now consider a scenario where you

price now consider a scenario where you have two instances or sole tenant nodes

have two instances or sole tenant nodes in the same region that have different

in the same region that have different machine types and run at different times

machine types and run at different times of the month

of the month compute engine

compute engine breaks down the number of vcpus and

breaks down the number of vcpus and amount of memory used across all

amount of memory used across all instances that use predefined machine

instances that use predefined machine types and combines the resources to

types and combines the resources to qualify for the largest sustained usage

qualify for the largest sustained usage discounts possible now in this example

discounts possible now in this example assume you run the following two

assume you run the following two instances

instances in the us east one region during a month

in the us east one region during a month for the first half you run an n1

for the first half you run an n1 standard four instance with four vcpus

standard four instance with four vcpus and 15 gigabytes of memory for the

and 15 gigabytes of memory for the second half of the month you run a

second half of the month you run a larger and one standard 16 instance with

larger and one standard 16 instance with 16 vcpus and 60 gigabytes of memory in

16 vcpus and 60 gigabytes of memory in this scenario compute engine reorganizes

this scenario compute engine reorganizes these machine types into individual vcpu

these machine types into individual vcpu and memory resources and combines their

and memory resources and combines their usage to create the following resources

usage to create the following resources for vcpus so because four vcpus were

for vcpus so because four vcpus were being used for the whole month the

being used for the whole month the discount here would be thirty percent

discount here would be thirty percent the additional twelve vcpus were added

the additional twelve vcpus were added on week two in the month and so for

on week two in the month and so for those 12 vcpus they would receive a 10

those 12 vcpus they would receive a 10 discount and this is how discounts are

discount and this is how discounts are applied when it comes to sustained use

applied when it comes to sustained use discounts now moving on to the next

discounts now moving on to the next discount type is committed use discounts

discount type is committed use discounts so compute engine lets you purchase

so compute engine lets you purchase committed use contracts in return for

committed use contracts in return for deeply discounted prices for vm usage so

deeply discounted prices for vm usage so when you purchase a committed use

when you purchase a committed use contract you purchase compute resource

contract you purchase compute resource which is comprised of vcpus memory

which is comprised of vcpus memory gpus and local ssds and you purchase

gpus and local ssds and you purchase these resources at a discounted price in

these resources at a discounted price in return for committing to paying for

return for committing to paying for those resources for one year or three

those resources for one year or three years committed use discounts are ideal

years committed use discounts are ideal for workloads with predictable resource

for workloads with predictable resource needs so if you know exactly what you're

needs so if you know exactly what you're going to use committed use discounts

going to use committed use discounts would be a great option for this and the

would be a great option for this and the discount is up to 57

discount is up to 57 for most resources like machine types or

for most resources like machine types or gpus when it comes to memory optimized

gpus when it comes to memory optimized machine types the discount is up to 70

machine types the discount is up to 70 percent now when you purchase a

percent now when you purchase a committed use contract you can purchase

committed use contract you can purchase it for a single project and applies to a

it for a single project and applies to a single project by default or you can

single project by default or you can purchase multiple contracts which you

purchase multiple contracts which you can share across many projects by

can share across many projects by enabling shared discounts once purchased

enabling shared discounts once purchased your billed monthly for the resources

your billed monthly for the resources you purchased for the duration of the

you purchased for the duration of the term you selected whether you use the

term you selected whether you use the services or not if you have multiple

services or not if you have multiple projects that share the same cloud

projects that share the same cloud billing account you can enable committed

billing account you can enable committed use discount sharing so that all of your

use discount sharing so that all of your projects within that cloud billing

projects within that cloud billing account share all of your committed use

account share all of your committed use discount contracts your sustained use

discount contracts your sustained use discounts are also pooled at the same

discounts are also pooled at the same time now some caveats when it comes to

time now some caveats when it comes to committed use discounts shared core

committed use discounts shared core machines are excluded on this as well

machines are excluded on this as well you can purchase commitments only on a

you can purchase commitments only on a per region basis if a reservation is

per region basis if a reservation is attached to a committed use discount the

attached to a committed use discount the reservation can't be deleted for the

reservation can't be deleted for the duration of the commitment so please be

duration of the commitment so please be aware now to purchase a commitment for

aware now to purchase a commitment for gpus or local ssds you must purchase a

gpus or local ssds you must purchase a general purpose and one commitment and

general purpose and one commitment and lastly after you create a commitment you

lastly after you create a commitment you cannot cancel it you must pay the agreed

cannot cancel it you must pay the agreed upon monthly amount for the duration of

upon monthly amount for the duration of the commitment now committed use

the commitment now committed use discount recommendations give you

discount recommendations give you opportunities to optimize your compute

opportunities to optimize your compute costs by analyzing your vm spending

costs by analyzing your vm spending trends with and without a committed use

trends with and without a committed use discount contract by comparing these

discount contract by comparing these numbers you can see how much you can

numbers you can see how much you can save each month with a committed use

save each month with a committed use contract and this can be found under the

contract and this can be found under the recommendations tab on the home page in

recommendations tab on the home page in the console and so i wanted to move on

the console and so i wanted to move on to the last discount type which are

to the last discount type which are preemptable vms now preemptable vms are

preemptable vms now preemptable vms are up to eighty percent cheaper than

up to eighty percent cheaper than regular instances pricing is fixed and

regular instances pricing is fixed and you never have to worry about variable

you never have to worry about variable pricing these prices can be found on the

pricing these prices can be found on the link to instance pricing that i have

link to instance pricing that i have included in the lesson text a

included in the lesson text a preemptable vm is an instance that you

preemptable vm is an instance that you can create and run at a much lower price

can create and run at a much lower price than normal instances however compute

than normal instances however compute engine might stop or preempt these

engine might stop or preempt these instances if it requires access to those

instances if it requires access to those resources for other tasks as preemptable

resources for other tasks as preemptable instances our access compute engine

instances our access compute engine capacity so their availability varies

capacity so their availability varies with usage now generally compute engine

with usage now generally compute engine avoids preempting instances

avoids preempting instances but compute engine does not use an

but compute engine does not use an instant cpu usage or other behavior to

instant cpu usage or other behavior to determine whether or not to preempt it

determine whether or not to preempt it now a crucial characteristic to know

now a crucial characteristic to know about preemptable vms is that compute

about preemptable vms is that compute engine always stops them after they run

engine always stops them after they run for 24 hours and this is something to be

for 24 hours and this is something to be aware of for the exam preemptable

aware of for the exam preemptable instances are finite compute engine

instances are finite compute engine resources so they might not always be

resources so they might not always be available and if you happen to

available and if you happen to accidentally spin up a preemptable vm

accidentally spin up a preemptable vm and you want to shut it down there is no

and you want to shut it down there is no charge if it's running for less than 10

charge if it's running for less than 10 minutes now another thing to note is

minutes now another thing to note is that preemptable instances can't live

that preemptable instances can't live migrate to a regular vm instance or be

migrate to a regular vm instance or be set to automatically restart when there

set to automatically restart when there is a maintenance event due to the

is a maintenance event due to the limitations preemptable instances are

limitations preemptable instances are not covered by any service level

not covered by any service level agreement and when it comes to the

agreement and when it comes to the google cloud free tier credits for

google cloud free tier credits for compute engine this does not apply to

compute engine this does not apply to preemptable instances so you're probably

preemptable instances so you're probably asking when is a great time to use

asking when is a great time to use preemptable vms well if your apps are

preemptable vms well if your apps are fault tolerant and can withstand

fault tolerant and can withstand possible instance preemptions then

possible instance preemptions then preemptable instances can reduce your

preemptable instances can reduce your compute engine costs significantly for

compute engine costs significantly for example batch processing jobs can run on

example batch processing jobs can run on preemptable instances if some of those

preemptable instances if some of those instances stop during processing the job

instances stop during processing the job slows down but does not completely stop

slows down but does not completely stop preemptable instances create your batch

preemptable instances create your batch processing tasks without placing any

processing tasks without placing any additional workload on your existing

additional workload on your existing instances and without requiring for you

instances and without requiring for you to pay full price for additional normal

to pay full price for additional normal instances and since containers are

instances and since containers are naturally stateless and fault tolerant

naturally stateless and fault tolerant this makes containers an amazing fit for

this makes containers an amazing fit for preemptable vms so running preemptable

preemptable vms so running preemptable vms for google kubernetes engine is

vms for google kubernetes engine is another fantastic use case now it's

another fantastic use case now it's really critical that you have an

really critical that you have an understanding for each different

understanding for each different discount type and when is a good time to

discount type and when is a good time to use each as you may be presented

use each as you may be presented different cost-effective solutions in

different cost-effective solutions in the exam and understanding these

the exam and understanding these discount types will prepare you to

discount types will prepare you to answer them understanding the theory

answer them understanding the theory behind this resource-based pricing model

behind this resource-based pricing model all the available discount types along

all the available discount types along with the types of workloads that are

with the types of workloads that are good for each will guarantee that you

good for each will guarantee that you will become familiar with what types of

will become familiar with what types of questions are being asked in the exam

questions are being asked in the exam and will also make you a better cloud

and will also make you a better cloud engineer as you will be able to spot

engineer as you will be able to spot where you can save money and be able to

where you can save money and be able to make the appropriate changes and so

make the appropriate changes and so that's pretty much all i wanted to cover

that's pretty much all i wanted to cover when it comes to compute engine billing

when it comes to compute engine billing and its discount types so you can now

and its discount types so you can now mark this lesson as complete and let's

mark this lesson as complete and let's move on to the next one

welcome back in this lesson i'm going to be covering the fundamentals as it

be covering the fundamentals as it pertains to storage these concepts are

pertains to storage these concepts are needed to know in order to fully

needed to know in order to fully understand the different google cloud

understand the different google cloud storage options that i will be diving

storage options that i will be diving into later as well the exam expects that

into later as well the exam expects that you know the different types of storage

you know the different types of storage that's available for all the various

that's available for all the various services

services and so before i get into the different

and so before i get into the different types of storage i wanted to cover the

types of storage i wanted to cover the underlying theory behind it so with that

underlying theory behind it so with that being said let's dive in

being said let's dive in so i wanted to start off by going

so i wanted to start off by going through the three types of storage and

through the three types of storage and how data is presented to a user or to

how data is presented to a user or to the server there is block storage file

the server there is block storage file storage and object storage these types

storage and object storage these types of storage tie into the available

of storage tie into the available services that are available in google

services that are available in google cloud and they offer different options

cloud and they offer different options for different types of workloads and i

for different types of workloads and i will be going over each of these in a

will be going over each of these in a bit of depth and so the first one i

bit of depth and so the first one i wanted to touch on is block storage

wanted to touch on is block storage now block storage is sometimes referred

now block storage is sometimes referred to as block level storage and is a

to as block level storage and is a technology that is used to store data

technology that is used to store data files on storage systems or cloud-based

files on storage systems or cloud-based storage environments block storage is

storage environments block storage is the fastest available storage type and

the fastest available storage type and it is also efficient and reliable with

it is also efficient and reliable with block storage files are split into

block storage files are split into evenly sized blocks of data each with

evenly sized blocks of data each with its own unique identifier it is

its own unique identifier it is presented to the operating system as

presented to the operating system as structureless raw data in the form of a

structureless raw data in the form of a logical volume or a hard drive and the

logical volume or a hard drive and the operating system structures it with a

operating system structures it with a file system like ext3 or ext4 on linux

file system like ext3 or ext4 on linux and ntfs for windows it would then mount

and ntfs for windows it would then mount this volume or drive as the root volume

this volume or drive as the root volume in linux or a c or d drive in windows

in linux or a c or d drive in windows block storage is usually delivered on

block storage is usually delivered on physical media in the case of google

physical media in the case of google cloud it is delivered as either spinning

cloud it is delivered as either spinning hard drives or solid state drives so in

hard drives or solid state drives so in google cloud you're presented with block

google cloud you're presented with block storage that consists of either

storage that consists of either persistent disks or local ssd

persistent disks or local ssd which can both be mountable and bootable

which can both be mountable and bootable block storage volumes can then be used

block storage volumes can then be used as your boot volumes for compute

as your boot volumes for compute instances in google cloud

instances in google cloud installed with your operating system of

installed with your operating system of choice and structured so that your

choice and structured so that your operating system database or application

operating system database or application will then be able to consume it now

will then be able to consume it now moving on to the second type of storage

moving on to the second type of storage is file storage

is file storage now file storage is also referred to as

now file storage is also referred to as file level or file based storage and is

file level or file based storage and is normally storage that is presented to

normally storage that is presented to users and applications as a traditional

users and applications as a traditional network file system in other words the

network file system in other words the user or application receives data

user or application receives data through directory trees folders and

through directory trees folders and files file storage also allows you to do

files file storage also allows you to do the same this functions similarly to a

the same this functions similarly to a local hard drive however a structure has

local hard drive however a structure has already been applied and cannot be

already been applied and cannot be adjusted after the fact this type of

adjusted after the fact this type of structure only has the capabilities of

structure only has the capabilities of being mountable but not bootable you

being mountable but not bootable you cannot install an operating system on

cannot install an operating system on file storage as i said before the

file storage as i said before the structure has already been put in place

structure has already been put in place for you and is ready for you or your

for you and is ready for you or your application to consume due to this

application to consume due to this structure the service that is serving

structure the service that is serving the file system has some underlying

the file system has some underlying software that can handle access rights

software that can handle access rights file sharing file locking and other

file sharing file locking and other controls related to file storage in

controls related to file storage in google cloud this service that serves

google cloud this service that serves this type of storage is known as cloud

this type of storage is known as cloud file store and is usually presented over

file store and is usually presented over the network to users in your vpc network

the network to users in your vpc network using the nfs protocol or in this case

using the nfs protocol or in this case nfs version 3. but i'll be diving into

nfs version 3. but i'll be diving into that a little bit later and the last

that a little bit later and the last storage type that i wanted to cover is

storage type that i wanted to cover is object storage

object storage now object storage also referred to as

now object storage also referred to as object-based storage

object-based storage is a general term that refers to the way

is a general term that refers to the way in which we organize and work with units

in which we organize and work with units of storage called objects and this is a

of storage called objects and this is a storage type that is a flat collection

storage type that is a flat collection of unstructured data and this type of

of unstructured data and this type of storage holds no structure like the

storage holds no structure like the other two types of storage and is made

other two types of storage and is made up of three characteristics the first

up of three characteristics the first one is the data itself and this could be

one is the data itself and this could be anything from movies songs and even

anything from movies songs and even photos of men in fancy bow ties the data

photos of men in fancy bow ties the data could also be binary data as well the

could also be binary data as well the second characteristic is the metadata

second characteristic is the metadata and this is usually related to any

and this is usually related to any contextual information about what the

contextual information about what the data is or anything that is relevant to

data is or anything that is relevant to the data and the third characteristic is

the data and the third characteristic is a globally unique identifier and this

a globally unique identifier and this way it's possible to find the data

way it's possible to find the data without having to know the physical

without having to know the physical location of the data and this is what

location of the data and this is what allows object storage to be infinitely

allows object storage to be infinitely scalable as it doesn't matter where the

scalable as it doesn't matter where the object is stored this type of storage

object is stored this type of storage can be found in google cloud and is

can be found in google cloud and is known as cloud storage cloud storage is

known as cloud storage cloud storage is flat storage with a logical container

flat storage with a logical container called a bucket that you put objects

called a bucket that you put objects into now although this type of storage

into now although this type of storage is not bootable using an open source

is not bootable using an open source tool called fuse this storage type can

tool called fuse this storage type can be mounted in google cloud and i will be

be mounted in google cloud and i will be covering that a little bit later in the

covering that a little bit later in the cloud storage lesson but in most cases

cloud storage lesson but in most cases object store is designed as the type of

object store is designed as the type of storage that is not bootable or

storage that is not bootable or mountable and because of the

mountable and because of the characteristics of this storage

characteristics of this storage it allows object storage again to be

it allows object storage again to be infinitely scalable and so these are the

infinitely scalable and so these are the three main types of storage that you

three main types of storage that you will need to know and understand as each

will need to know and understand as each has its use cases so if you're looking

has its use cases so if you're looking for high performance storage you will

for high performance storage you will always look to block storage to satisfy

always look to block storage to satisfy your needs if you're looking to share

your needs if you're looking to share files across multiple systems or have

files across multiple systems or have multiple applications

multiple applications that need access to the same files and

that need access to the same files and directories then file storage might be

directories then file storage might be your best bet if you're looking to store

your best bet if you're looking to store terabytes of pictures for a web

terabytes of pictures for a web application and you don't want to worry

application and you don't want to worry about scaling object storage will allow

about scaling object storage will allow you to read and write an infinite amount

you to read and write an infinite amount of pictures that will meet your

of pictures that will meet your requirements so now that we've covered

requirements so now that we've covered these storage types let's take a few

these storage types let's take a few moments to discuss storage performance

moments to discuss storage performance terms now when discussing storage

terms now when discussing storage performance there are some key terms to

performance there are some key terms to understand that when used together

understand that when used together define the performance of your storage

define the performance of your storage first there is io which stands for input

first there is io which stands for input output

output and is a single read write request and

and is a single read write request and can be measured in block size and this

can be measured in block size and this block size can vary anywhere from one

block size can vary anywhere from one kilobyte to four megabytes and beyond

kilobyte to four megabytes and beyond depending on your workload now q depth

depending on your workload now q depth when it comes to storage is the number

when it comes to storage is the number of pending input output requests

of pending input output requests waiting to be performed on a disk io

waiting to be performed on a disk io requests become queued when reads or

requests become queued when reads or writes are requested faster than they

writes are requested faster than they can be processed by the disk when io

can be processed by the disk when io requests are queued the total amount of

requests are queued the total amount of time it takes to read or write data to

time it takes to read or write data to disk becomes significantly higher this

disk becomes significantly higher this is where performance degradation can

is where performance degradation can occur and queue depth must be adjusted

occur and queue depth must be adjusted accordingly now the next term is a

accordingly now the next term is a common touch point when it comes to

common touch point when it comes to discussing storage performance on gcp

discussing storage performance on gcp and on the exam which is iops and this

and on the exam which is iops and this is a metric that stands for input output

is a metric that stands for input output operations per second this value

operations per second this value indicates how many different input or

indicates how many different input or output operations a device or group of

output operations a device or group of devices can perform in one second more

devices can perform in one second more value in the iops signifies the

value in the iops signifies the capability of executing more operations

capability of executing more operations per second and again this is a common

per second and again this is a common touch point that i will be diving into a

touch point that i will be diving into a little bit later now next up is

little bit later now next up is throughput and this is the speed at

throughput and this is the speed at which the data is transferred in a

which the data is transferred in a second and is most commonly measured in

second and is most commonly measured in megabytes per second this is going to be

megabytes per second this is going to be another common topic that comes up

another common topic that comes up frequently when discussing storage on

frequently when discussing storage on gcp as well

gcp as well latency is the measurement of delay

latency is the measurement of delay between the time data is requested when

between the time data is requested when the data starts being returned and is

the data starts being returned and is measured in milliseconds so the time

measured in milliseconds so the time each io request will take to complete

each io request will take to complete results in being your average latency

results in being your average latency and the last two terms i wanted to bring

and the last two terms i wanted to bring up is sequential and random access

up is sequential and random access sequential would be a large single file

sequential would be a large single file like a video and random access would be

like a video and random access would be loading an application or an operating

loading an application or an operating system so lots of little files that are

system so lots of little files that are all over the place it's obvious that

all over the place it's obvious that accessing data randomly is much slower

accessing data randomly is much slower and less efficient than accessing it

and less efficient than accessing it sequentially and this can also affect

sequentially and this can also affect performance now why i bring up all these

performance now why i bring up all these terms is not about calculating the

terms is not about calculating the average throughput but to give you a

average throughput but to give you a holistic view on storage performance

holistic view on storage performance as all these characteristics play a part

as all these characteristics play a part in defining the performance of your

in defining the performance of your storage

storage there is not one specific characteristic

there is not one specific characteristic that is responsible for disk performance

that is responsible for disk performance but all have a role in achieving the

but all have a role in achieving the highest performance possible

highest performance possible for your selected storage now i know

for your selected storage now i know this is a lot of theory to take in but

this is a lot of theory to take in but this will all start to make more sense

this will all start to make more sense when we dive into other parts of the

when we dive into other parts of the course where we will discuss disk

course where we will discuss disk performance with all these

performance with all these characteristics as it relates to compute

characteristics as it relates to compute engine and other services that use

engine and other services that use storage it is crucial to know the

storage it is crucial to know the storage types as well as the performance

storage types as well as the performance characteristics as it will bring clarity

characteristics as it will bring clarity to questions in the exam and also give

to questions in the exam and also give you a better sense on how to increase

you a better sense on how to increase your storage performance in your work

your storage performance in your work environment and so that's pretty much

environment and so that's pretty much all i wanted to cover when it comes to

all i wanted to cover when it comes to storage types and storage performance as

storage types and storage performance as it pertains to storage as a whole so you

it pertains to storage as a whole so you can now mark this lesson as complete and

can now mark this lesson as complete and let's move on to the next one

let's move on to the next one [Music]

[Music] welcome back and in this lesson i'm

welcome back and in this lesson i'm going to be covering persistent disks

going to be covering persistent disks and local ssds i'm going to be getting

and local ssds i'm going to be getting into the detail with the most commonly

into the detail with the most commonly used storage types for instances which

used storage types for instances which are both persistent disks and local ssds

are both persistent disks and local ssds this lesson will sift through all the

this lesson will sift through all the different types of persistent disks and

different types of persistent disks and local ssds along with the performance of

local ssds along with the performance of each knowing what type of disk to use

each knowing what type of disk to use for your instance and how to increase

for your instance and how to increase disk performance shows up on the exam

disk performance shows up on the exam and so i want to make sure to cover it

and so i want to make sure to cover it in detail and leave no stone unturned so

in detail and leave no stone unturned so with that being said let's dive in now

with that being said let's dive in now persistent disks and local ssds are the

persistent disks and local ssds are the two available types of block storage

two available types of block storage devices

devices available in google cloud and the

available in google cloud and the determining factor of what you will use

determining factor of what you will use for your particular scenario will depend

for your particular scenario will depend on your use case and the specific

on your use case and the specific characteristics that you require from

characteristics that you require from each storage medium now by default each

each storage medium now by default each compute engine instance has a single

compute engine instance has a single boot persistent disk that contains the

boot persistent disk that contains the operating system when you require

operating system when you require additional storage space you can add one

additional storage space you can add one or more additional persistent disks or

or more additional persistent disks or local ssds to your instance and i will

local ssds to your instance and i will be going through these storage options

be going through these storage options along with their characteristics now as

along with their characteristics now as you can see here persistent disks and

you can see here persistent disks and local ssds come in a slew of different

local ssds come in a slew of different types as well with persistent disks they

types as well with persistent disks they are available in both zonal and regional

are available in both zonal and regional options so starting off with persistent

options so starting off with persistent disks you have three different types you

disks you have three different types you can choose from as well you have the

can choose from as well you have the flexibility of choosing from two

flexibility of choosing from two different geographic options when it

different geographic options when it comes to the redundancy of your

comes to the redundancy of your persistent disks and i will be covering

persistent disks and i will be covering the zonal and regional options in detail

the zonal and regional options in detail in just a bit now persistent disks are

in just a bit now persistent disks are durable network storage devices

durable network storage devices that your instances can access like

that your instances can access like physical disks in a computer so these

physical disks in a computer so these are not physically attached disks but

are not physically attached disks but network disks that are connected over

network disks that are connected over google's internal network persistent

google's internal network persistent disks are independent of your instance

disks are independent of your instance and can persist after your instance has

and can persist after your instance has been terminated and this can be done by

been terminated and this can be done by turning on this flag upon creation you

turning on this flag upon creation you can even detach your disk and move it to

can even detach your disk and move it to other instances when you need to scaling

other instances when you need to scaling persistent disks can be done

persistent disks can be done automatically and on the fly by using

automatically and on the fly by using the disk resize feature and this gives

the disk resize feature and this gives you the flexibility to resize your

you the flexibility to resize your current persistent disks with no

current persistent disks with no downtime and even add additional disks

downtime and even add additional disks to your instance for additional

to your instance for additional performance and storage persistent disks

performance and storage persistent disks are also encrypted by default and google

are also encrypted by default and google also gives you the option of using your

also gives you the option of using your own custom keys each persistent disk can

own custom keys each persistent disk can be up to 64 terabytes in size and most

be up to 64 terabytes in size and most instances can have up to 128 persistent

instances can have up to 128 persistent disks and up to 257 terabytes of total

disks and up to 257 terabytes of total persistent disk space attached and just

persistent disk space attached and just as a note share core machine types are

as a note share core machine types are limited to 16 persistent disks and 3

limited to 16 persistent disks and 3 terabytes of total persistent disk space

terabytes of total persistent disk space and so now that i've gone through the

and so now that i've gone through the details of persistent disks i wanted to

details of persistent disks i wanted to dive into the two geographic options

dive into the two geographic options that's available for persistent disks

that's available for persistent disks first starting with zonal now zonal

first starting with zonal now zonal persistent disks are disks that are

persistent disks are disks that are available in one zone in one region

available in one zone in one region these disks are the most commonly used

these disks are the most commonly used persistent disks for general day-to-day

persistent disks for general day-to-day usage and used for those whose workloads

usage and used for those whose workloads are not sensitive to specific zone

are not sensitive to specific zone outages they are redundant within the

outages they are redundant within the zone you've created them in but cannot

zone you've created them in but cannot survive an outage of that zone and may

survive an outage of that zone and may be subjected to data loss if that

be subjected to data loss if that specific zone is affected and this is

specific zone is affected and this is where snapshots should be a part of your

where snapshots should be a part of your high availability strategy when using

high availability strategy when using zonal persistent disks snapshots are

zonal persistent disks snapshots are incremental and can be taken even if you

incremental and can be taken even if you snapshot disks that are attached to

snapshot disks that are attached to running instances and i'll be going into

running instances and i'll be going into detail about snapshots in a later lesson

detail about snapshots in a later lesson zonal persistent disks can also be used

zonal persistent disks can also be used with any machine type including

with any machine type including pre-defined shared core and custom

pre-defined shared core and custom machine types now when it comes to

machine types now when it comes to regional persistent disks they have

regional persistent disks they have storage qualities that are similar to

storage qualities that are similar to zonal persistent disks however regional

zonal persistent disks however regional persistent disks provide durable storage

persistent disks provide durable storage and replication of data between two

and replication of data between two zones in the same region if you are

zones in the same region if you are designing systems that require high

designing systems that require high availability on compute engine you

availability on compute engine you should use regional persistent disks

should use regional persistent disks combined with snapshots for durability

combined with snapshots for durability regional persistent disks are also

regional persistent disks are also designed to work with regional managed

designed to work with regional managed instance groups in the unlikely event of

instance groups in the unlikely event of a zonal outage you can usually fail over

a zonal outage you can usually fail over your workload running on regional

your workload running on regional persistent disks to another zone by

persistent disks to another zone by simply using the force attached flag

simply using the force attached flag regional persistent disks are slower

regional persistent disks are slower than zonal persistent disks and should

than zonal persistent disks and should be taken into consideration when write

be taken into consideration when write performance is less critical than data

performance is less critical than data redundancy across multiple zones now

redundancy across multiple zones now noting a couple of caveats here when it

noting a couple of caveats here when it comes to disk limits regional persistent

comes to disk limits regional persistent disks are similar to zonal persistent

disks are similar to zonal persistent disks however regional standard

disks however regional standard persistent disks have a 200 gigabyte

persistent disks have a 200 gigabyte size minimum and may be a major factor

size minimum and may be a major factor when it comes to cost so please be aware

when it comes to cost so please be aware as well you can't use regional

as well you can't use regional persistent disks with memory optimized

persistent disks with memory optimized machine types or compute optimized

machine types or compute optimized machine types now these two geographic

machine types now these two geographic options are available for all three

options are available for all three persistent disk types whose

persistent disk types whose characteristics i will dive into now

characteristics i will dive into now starting off with the standard

starting off with the standard persistent disk type also known in

persistent disk type also known in google cloud as pd standard now these

google cloud as pd standard now these persistent disks are backed by standard

persistent disks are backed by standard hard disk drives and these are your

hard disk drives and these are your standard spinning hard disk drives and

standard spinning hard disk drives and allows google cloud to give a cost

allows google cloud to give a cost effective solution for your specific

effective solution for your specific needs standard persistent disks are

needs standard persistent disks are great for large data processing

great for large data processing workloads that primarily use sequential

workloads that primarily use sequential ios now as explained earlier sequential

ios now as explained earlier sequential access would be accessing larger files

access would be accessing larger files and would require less work by the hard

and would require less work by the hard drive thus decreasing latency as there

drive thus decreasing latency as there are physical moving parts in this hard

are physical moving parts in this hard drive this would allow the disc to do

drive this would allow the disc to do the least amount of work as possible and

the least amount of work as possible and therefore making it the most efficient

therefore making it the most efficient as possible and therefore sequential ios

as possible and therefore sequential ios are best suited for this type of

are best suited for this type of persistent disk and again this is the

persistent disk and again this is the lowest price persistent disks out of all

lowest price persistent disks out of all the persistent disk types now stepping

the persistent disk types now stepping into the performance of standard

into the performance of standard persistent disks for just a second

persistent disks for just a second please remember that iops and throughput

please remember that iops and throughput performance depends on disk size

performance depends on disk size instance vcpu count and i o block size

instance vcpu count and i o block size among other factors and so this table

among other factors and so this table here along with the subsequent tables

here along with the subsequent tables you will see later are average speeds

you will see later are average speeds that google has deemed optimum for these

that google has deemed optimum for these specific disk types they cover the

specific disk types they cover the maximum sustained iops as well as the

maximum sustained iops as well as the maximum sustained throughput along with

maximum sustained throughput along with the granular breakdown of each here you

the granular breakdown of each here you can see the differences between both the

can see the differences between both the zonal and regional standard pd and as

zonal and regional standard pd and as you can see here in the table the zonal

you can see here in the table the zonal standard pd and the regional standard pd

standard pd and the regional standard pd are pretty much the same when it comes

are pretty much the same when it comes to most of these metrics but when you

to most of these metrics but when you look closely at the read iops per

look closely at the read iops per instance this is where they differ where

instance this is where they differ where the zonal standard pd has a higher read

the zonal standard pd has a higher read iops per instance than the regional

iops per instance than the regional standard pd and this is because the

standard pd and this is because the regional standard pd is accessing two

regional standard pd is accessing two different disks in two separate zones

different disks in two separate zones and so the latency will be higher the

and so the latency will be higher the same thing goes for right throughput per

same thing goes for right throughput per instance and so this would be a decision

instance and so this would be a decision between high availability versus speed

between high availability versus speed moving on to the next type of persistent

moving on to the next type of persistent disk is the balanced persistent disk in

disk is the balanced persistent disk in google cloud known as pd balance this

google cloud known as pd balance this disk type is the alternative to the ssd

disk type is the alternative to the ssd persistent disks that balance both

persistent disks that balance both performance and cost as this disk type

performance and cost as this disk type has the same maximum iops as the ssd

has the same maximum iops as the ssd persistent disk type but holds a lower

persistent disk type but holds a lower iops per gigabyte and so this disk is

iops per gigabyte and so this disk is designed for general purpose use the

designed for general purpose use the price for this disk also falls in

price for this disk also falls in between the standard and the ssd

between the standard and the ssd persistent disks so this is basically

persistent disks so this is basically your middle of the road disk when you're

your middle of the road disk when you're trying to decide between price and speed

trying to decide between price and speed moving straight into performance i put

moving straight into performance i put the standard pd metric here so that you

the standard pd metric here so that you can see a side-by-side comparison

can see a side-by-side comparison between the balance pd and the standard

between the balance pd and the standard pd and as you can see here when it comes

pd and as you can see here when it comes to the metrics under the maximum

to the metrics under the maximum sustained iops the balance pd is

sustained iops the balance pd is significantly higher than the standard

significantly higher than the standard pd in both the zonal and regional

pd in both the zonal and regional options as well looking at the maximum

options as well looking at the maximum sustained throughput the read write

sustained throughput the read write throughput per gigabyte is a little over

throughput per gigabyte is a little over two times faster and the right

two times faster and the right throughput per instance is three times

throughput per instance is three times faster so quite a bit of jump from the

faster so quite a bit of jump from the standard pd to the balance pd and moving

standard pd to the balance pd and moving on to the last persistent disk type is

on to the last persistent disk type is the ssd persistent disk type also known

the ssd persistent disk type also known in google cloud as a pd ssd and these

in google cloud as a pd ssd and these are the fastest persistent disks that

are the fastest persistent disks that are available

are available and are great for enterprise

and are great for enterprise applications and high performance

applications and high performance databases that demand lower latency and

databases that demand lower latency and more iops so this would be great for

more iops so this would be great for transactional databases or applications

transactional databases or applications that require demanding and near

that require demanding and near real-time performance the pd ssds have a

real-time performance the pd ssds have a single digit millisecond latency and

single digit millisecond latency and because of this comes at a higher cost

because of this comes at a higher cost and therefore is the highest price

and therefore is the highest price persistent disk moving on to the

persistent disk moving on to the performance of this persistent disk this

performance of this persistent disk this disk type is five times faster when it

disk type is five times faster when it comes to read iops per gigabyte than the

comes to read iops per gigabyte than the balance pd as well as five times faster

balance pd as well as five times faster for the right iops per gigabyte and so

for the right iops per gigabyte and so the table here on the left shows the

the table here on the left shows the performance for the pd ssd and the table

performance for the pd ssd and the table on the right shows the performance of

on the right shows the performance of both the standard pd and the balance pd

both the standard pd and the balance pd and so here you can see the difference

and so here you can see the difference moving from the standard pd over to the

moving from the standard pd over to the ssd pd the read write throughput per

ssd pd the read write throughput per instance stays the same from the

instance stays the same from the standard pd all the way up to the ssd pd

standard pd all the way up to the ssd pd but where the ssd outperforms all the

but where the ssd outperforms all the other ones is through the read write

other ones is through the read write throughput per gigabyte it's one and a

throughput per gigabyte it's one and a half times faster than the balance pd

half times faster than the balance pd and four times faster than the standard

and four times faster than the standard pd and again you will also notice a drop

pd and again you will also notice a drop in performance from the zonal option to

in performance from the zonal option to the regional option and so this is the

the regional option and so this is the end of part one of this lesson as it

end of part one of this lesson as it started to get a little bit long and so

started to get a little bit long and so whenever you're ready you can join me in

whenever you're ready you can join me in part two where i will be starting

part two where i will be starting immediately from the end of part one so

immediately from the end of part one so you can complete this video and i will

you can complete this video and i will see you in the next

see you in the next [Music]

[Music] welcome back this is part two of the

welcome back this is part two of the persistent disks and local ssds lesson

persistent disks and local ssds lesson and we will be starting exactly where we

and we will be starting exactly where we left off in part one so with that being

left off in part one so with that being said let's dive in and so now that i've

said let's dive in and so now that i've covered all the persistent disk types i

covered all the persistent disk types i wanted to move into discussing the

wanted to move into discussing the characteristics of the local ssd local

characteristics of the local ssd local ssds are physically attached to the

ssds are physically attached to the server that hosts your vm instance local

server that hosts your vm instance local ssds have higher throughput and lower

ssds have higher throughput and lower latency than any of the available

latency than any of the available persistent disk options and again this

persistent disk options and again this is because it's physically attached and

is because it's physically attached and the data doesn't have to travel over the

the data doesn't have to travel over the network now the crucial thing to know

network now the crucial thing to know about local ssds is that the data you

about local ssds is that the data you store on a local ssd persists only until

store on a local ssd persists only until the instance is stopped or deleted once

the instance is stopped or deleted once the instance is stopped or deleted your

the instance is stopped or deleted your data will be gone and there is no chance

data will be gone and there is no chance of getting it back now each local ssd is

of getting it back now each local ssd is 375 gigabytes in size but you can attach

375 gigabytes in size but you can attach a maximum of 24 local ssd partitions for

a maximum of 24 local ssd partitions for a total of 9 terabytes per instance

a total of 9 terabytes per instance local ssds are designed to offer very

local ssds are designed to offer very high iops and very low latency and this

high iops and very low latency and this is great for when you need a fast

is great for when you need a fast scratch disk or a cache and you don't

scratch disk or a cache and you don't want to use instance memory local ssds

want to use instance memory local ssds are also available in two flavors scuzzy

are also available in two flavors scuzzy and mvme now for those of you who are

and mvme now for those of you who are unaware

unaware scuzzy is an older protocol and made

scuzzy is an older protocol and made specifically for hard drives it also

specifically for hard drives it also holds the limitation of having one queue

holds the limitation of having one queue for commands nvme on the other hand also

for commands nvme on the other hand also known as non-volatile memory express is

known as non-volatile memory express is a newer protocol and is designed for the

a newer protocol and is designed for the specific use of flash memory and

specific use of flash memory and designed to have up to 64 000 qs as well

designed to have up to 64 000 qs as well each of those queues in turn can have up

each of those queues in turn can have up to 64 000 commands running at the same

to 64 000 commands running at the same time and thus making nvme infinitely

time and thus making nvme infinitely faster now although nvme comes with

faster now although nvme comes with these incredible speeds it does come at

these incredible speeds it does come at a cost and so when it comes to the

a cost and so when it comes to the caveats of local ssd although compute

caveats of local ssd although compute engine automatically encrypts your data

engine automatically encrypts your data when it's written to local ssd storage

when it's written to local ssd storage space you can't use customer supplied

space you can't use customer supplied encryption keys with local ssds as well

encryption keys with local ssds as well local ssds are only available for the n1

local ssds are only available for the n1 n2 and compute optimized machine types

n2 and compute optimized machine types now moving on to the performance of

now moving on to the performance of local ssds throughput is the same

local ssds throughput is the same between scuzzy and nvme but the read

between scuzzy and nvme but the read write iops per instance is where nvme

write iops per instance is where nvme comes out on top and as you can see here

comes out on top and as you can see here the read iops per instance is a whopping

the read iops per instance is a whopping two million four hundred thousand read

two million four hundred thousand read iops per instance as well the right iops

iops per instance as well the right iops per instance is 1.2 million over the 800

per instance is 1.2 million over the 800 000 for local ssd now before i end this

000 for local ssd now before i end this lesson i wanted to cover a few points on

lesson i wanted to cover a few points on performance scaling

performance scaling as it pertains to block storage on

as it pertains to block storage on compute engine now persistent disk

compute engine now persistent disk performance scales with the size of the

performance scales with the size of the disk and with the number of vcpus on

disk and with the number of vcpus on your vm instance persistent disk

your vm instance persistent disk performance scales linearly until it

performance scales linearly until it reaches either the limits of the volume

reaches either the limits of the volume or the limits of each compute engine

or the limits of each compute engine instance whichever is lower now this may

instance whichever is lower now this may seem odd that the performance of your

seem odd that the performance of your disk scales with cpu count but you have

disk scales with cpu count but you have to remember persistent disks aren't

to remember persistent disks aren't physically attached to your vm they are

physically attached to your vm they are independently located as such i o on a

independently located as such i o on a pd is a network operation and thus it

pd is a network operation and thus it takes cpu to do i o which means that

takes cpu to do i o which means that smaller instances run out of cpu to

smaller instances run out of cpu to perform disk io at higher rates so in

perform disk io at higher rates so in order for you to get better performance

order for you to get better performance you can increase the iops for your disk

you can increase the iops for your disk by resizing them to their maximum

by resizing them to their maximum capacity but once that size has been

capacity but once that size has been reached you will have to increase the

reached you will have to increase the number of cpus on your instance in order

number of cpus on your instance in order to increase your disk performance a

to increase your disk performance a recommendation by google is that you

recommendation by google is that you have one available vcpu for every 2000

have one available vcpu for every 2000 to

to iops of expected traffic so to sum it up

iops of expected traffic so to sum it up performance scales until it reaches

performance scales until it reaches either the limits of the disk or the

either the limits of the disk or the limits of the vm instance to which the

limits of the vm instance to which the disk is attached the vm instance limits

disk is attached the vm instance limits are determined by the machine type and

are determined by the machine type and the number of vcpus of the instance now

the number of vcpus of the instance now if you want to get more granular with

if you want to get more granular with regards to disk performance i've

regards to disk performance i've included a few links in the lesson text

included a few links in the lesson text that will give you some more insight but

that will give you some more insight but for most general purposes and for the

for most general purposes and for the exam remember that persistent disk

exam remember that persistent disk performance is based on the total

performance is based on the total persistent disk capacity

persistent disk capacity attached to an instance and the number

attached to an instance and the number of vcpus that the instance has and so

of vcpus that the instance has and so that's pretty much all i wanted to cover

that's pretty much all i wanted to cover when it comes to persistent disks and

when it comes to persistent disks and local ssds so you can now mark this

local ssds so you can now mark this lesson as complete and let's move on to

lesson as complete and let's move on to the next one

welcome back in this demo i'm going to be covering how to manage and interact

be covering how to manage and interact with your disks on compute engine this

with your disks on compute engine this demo is designed to give you both

demo is designed to give you both experience and understanding on working

experience and understanding on working with persistent disks and how you would

with persistent disks and how you would interact with them we're going to start

interact with them we're going to start the demo off by creating an instance

the demo off by creating an instance we're then going to create a separate

we're then going to create a separate persistent disk and attach it to the

persistent disk and attach it to the instance we're going to then interact

instance we're going to then interact with the disk and then resize the disk

with the disk and then resize the disk while afterwards we will delete it and

while afterwards we will delete it and we're going to do this all by both using

we're going to do this all by both using the console and the command line so with

the console and the command line so with that being said let's dive in so here i

that being said let's dive in so here i am in the console i'm logged in as tony

am in the console i'm logged in as tony bowties gmail.com and i am in project

bowties gmail.com and i am in project bowtie inc and so the first thing we

bowtie inc and so the first thing we need to do to kick off this demo is to

need to do to kick off this demo is to create an instance that we can attach

create an instance that we can attach our disk to but first i always like to

our disk to but first i always like to make sure that i have a vpc to deploy my

make sure that i have a vpc to deploy my instance into with its corresponding

instance into with its corresponding default firewall rules so i'm going to

default firewall rules so i'm going to head on over to the navigation menu

head on over to the navigation menu and i'm going to go down to vpc network

and i'm going to go down to vpc network and as expected my default vpc has been

and as expected my default vpc has been created and just to make sure that i

created and just to make sure that i have all my necessary firewall rules i'm

have all my necessary firewall rules i'm going to drill down into the vpc and

going to drill down into the vpc and head on over to firewall rules i'm going

head on over to firewall rules i'm going to click on firewall rules and the

to click on firewall rules and the necessary firewall rule that i need for

necessary firewall rule that i need for ssh is created and so i can go ahead and

ssh is created and so i can go ahead and create my instance so i'm going to go

create my instance so i'm going to go back up to the navigation menu and i'm

back up to the navigation menu and i'm going to go over to compute engine so

going to go over to compute engine so i'm going to go ahead and click on

i'm going to go ahead and click on create and i'm going to name this

create and i'm going to name this instance bowtie dash instance and for

instance bowtie dash instance and for the sake of this demo i'll add in a

the sake of this demo i'll add in a label here the key is going to be

label here the key is going to be environment and the value will be

environment and the value will be testing i'm going to go down to the

testing i'm going to go down to the bottom click on save with regards to the

bottom click on save with regards to the region i'm going to select us east 1 and

region i'm going to select us east 1 and i'm going to keep the zone as the

i'm going to keep the zone as the default for us east 1b and under machine

default for us east 1b and under machine type to keep things cost effective i'm

type to keep things cost effective i'm going to use an e2 micro shared core

going to use an e2 micro shared core machine and i'm going to scroll down to

machine and i'm going to scroll down to service account and under service

service account and under service account you want to select the set

account you want to select the set access for each api

access for each api you want to scroll down to compute

you want to scroll down to compute engine and here you want to select read

engine and here you want to select read write and this will give us the

write and this will give us the necessary permissions in order to

necessary permissions in order to interact with our disk that we will be

interact with our disk that we will be creating later so i'm going to scroll

creating later so i'm going to scroll down to the bottom here and i'm going to

down to the bottom here and i'm going to leave everything else set at its default

leave everything else set at its default and just before creating the instance

and just before creating the instance please do remember you can always click

please do remember you can always click on the command line link where you can

on the command line link where you can get the gcloud command to create this

get the gcloud command to create this instance through the command line i'm

instance through the command line i'm going to close this up and i'm going to

going to close this up and i'm going to simply click on create i'm just going to

simply click on create i'm just going to wait a few seconds here for my instance

wait a few seconds here for my instance to come up okay and my instance is up

to come up okay and my instance is up and so now what we want to do is we want

and so now what we want to do is we want to create our new disk so i'm going to

to create our new disk so i'm going to go over here to the left hand menu and

go over here to the left hand menu and i'm going to click on disks and as you

i'm going to click on disks and as you can see here the disk for the instance

can see here the disk for the instance that i had just created has 10 gigabytes

that i had just created has 10 gigabytes in us east 1b and we want to leave that

in us east 1b and we want to leave that alone and we want to create our new disk

alone and we want to create our new disk so i'm going to go up to the top here

so i'm going to go up to the top here and simply click on create disk

and simply click on create disk and so for the name of the disk i'm

and so for the name of the disk i'm going to call this disk new pd for

going to call this disk new pd for persistent disk and i'm going to give it

persistent disk and i'm going to give it the same description i'm going to keep

the same description i'm going to keep the type as standard persistent disk and

the type as standard persistent disk and for the region i want to select us east

for the region i want to select us east one i'm going to keep the zone as its

one i'm going to keep the zone as its default in us east 1b and as the disk is

default in us east 1b and as the disk is in us east 1b i'll be able to attach it

in us east 1b i'll be able to attach it to my instance and so just as a note

to my instance and so just as a note here there is a selection where you can

here there is a selection where you can replicate this disk within the region if

replicate this disk within the region if i click that off i've now changed this

i click that off i've now changed this from a zonal persistent disk to a

from a zonal persistent disk to a regional persistent disk and over here

regional persistent disk and over here in zones it'll give me the option to

in zones it'll give me the option to select any two zones that i prefer and

select any two zones that i prefer and so if you're looking at creating some

so if you're looking at creating some regional persistent disks these are the

regional persistent disks these are the steps you would need to take in order to

steps you would need to take in order to get it done in the console now in order

get it done in the console now in order to save on costs i'm going to keep this

to save on costs i'm going to keep this as a zonal persistent disk so i'm going

as a zonal persistent disk so i'm going to click on cancel i'm going to uncheck

to click on cancel i'm going to uncheck the option and make sure your region is

the option and make sure your region is still set at us east 1 and your zone is

still set at us east 1 and your zone is selected as us east 1b we're going to

selected as us east 1b we're going to leave the snapshot schedule alone and

leave the snapshot schedule alone and i'll be diving into snapshot schedules

i'll be diving into snapshot schedules in a later lesson i'm going to scroll

in a later lesson i'm going to scroll down here to source type i'm going to

down here to source type i'm going to keep it as blank disk and the size here

keep it as blank disk and the size here is set at 500 gigabytes and we want to

is set at 500 gigabytes and we want to set it to 100 gigabytes but before we do

set it to 100 gigabytes but before we do that i wanted to bring your attention to

that i wanted to bring your attention to the estimated performance here you can

the estimated performance here you can see the sustain random iops limits as

see the sustain random iops limits as well as the throughput limit and so

well as the throughput limit and so depending on the size of the disk that

depending on the size of the disk that you want to add these limits will change

you want to add these limits will change accordingly so if i change this to 100

accordingly so if i change this to 100 my sustained random iops limit on read

my sustained random iops limit on read went from 375 iops to 75 iops and so

went from 375 iops to 75 iops and so this is a great demonstration that the

this is a great demonstration that the larger your disc the better your

larger your disc the better your performance and so this is a great way

performance and so this is a great way to figure out on what your performance

to figure out on what your performance will be before you create your disk and

will be before you create your disk and i've also been prompted with a note here

i've also been prompted with a note here saying that because my disk is under 200

saying that because my disk is under 200 gigabytes that i will have reduced

gigabytes that i will have reduced performance and so for this demo that's

performance and so for this demo that's okay i'm going to keep my encryption as

okay i'm going to keep my encryption as the google manage key and under labels i

the google manage key and under labels i will add environment as the key and

will add environment as the key and value is testing

value is testing and so now that i've entered all my

and so now that i've entered all my options i'm going to simply click on

options i'm going to simply click on create

create and i'm going to give it a few seconds

and i'm going to give it a few seconds and my new disk should be created okay

and my new disk should be created okay and my new disk has been created and you

and my new disk has been created and you can easily create this disk through the

can easily create this disk through the command line and i will be supplying

command line and i will be supplying that in the lesson text i merely want to

that in the lesson text i merely want to go through the console setup so that you

go through the console setup so that you are aware of all the different options

are aware of all the different options and so now that i've created my disk and

and so now that i've created my disk and i've created my instance i want to now

i've created my instance i want to now log into my instance and attach this new

log into my instance and attach this new disk so i'm going to go back to vm

disk so i'm going to go back to vm instances and here i want to ssh into

instances and here i want to ssh into the bowtie instance and i'm going to

the bowtie instance and i'm going to give it a few seconds here to connect

give it a few seconds here to connect and i'm going to zoom in for better

and i'm going to zoom in for better viewing i'm going to clear my screen

viewing i'm going to clear my screen and so the first thing i want to do is i

and so the first thing i want to do is i want to list all my block devices that

want to list all my block devices that are available to me on this instance and

are available to me on this instance and the linux command for that is ls blk

the linux command for that is ls blk and as you can see my boot disk has been

and as you can see my boot disk has been mounted

mounted and is available to me and so now i want

and is available to me and so now i want to attach the new disk that we just

to attach the new disk that we just created and just as a note i could as

created and just as a note i could as easily have done this in the console but

easily have done this in the console but i wanted to give you an idea of what it

i wanted to give you an idea of what it would look like doing it from the

would look like doing it from the command line and so i'm going to paste

command line and so i'm going to paste in the command to attach the disk which

in the command to attach the disk which is gcloud compute instances attach dash

is gcloud compute instances attach dash disk the name of the instance which is

disk the name of the instance which is bow tie dash instance along with the

bow tie dash instance along with the flag dash dash disk the disk name which

flag dash dash disk the disk name which is new pd and the zone of the disk using

is new pd and the zone of the disk using the zone flag with us east 1b so i'm

the zone flag with us east 1b so i'm going to go ahead and hit enter

going to go ahead and hit enter and no errors came up so i'm assuming

and no errors came up so i'm assuming that this had worked and so just to

that this had worked and so just to double check i'm gonna run the lsblk

double check i'm gonna run the lsblk command again and success as you can see

command again and success as you can see here my block device sdb has been

here my block device sdb has been attached to my instance and is available

attached to my instance and is available to me with the size of 100 gigabytes and

to me with the size of 100 gigabytes and so now i want to look at the state that

so now i want to look at the state that this roblox device is in and so the

this roblox device is in and so the command for that will be sudo

command for that will be sudo file dash s followed by the path of the

file dash s followed by the path of the block device which is forward slash dev

block device which is forward slash dev forward slash sdb i'm going to hit on

forward slash sdb i'm going to hit on enter and as you can see it is showing

enter and as you can see it is showing data which means that it is just a raw

data which means that it is just a raw data device and so in order for me to

data device and so in order for me to interact with it i need to format the

interact with it i need to format the drive with a file system that the

drive with a file system that the operating system will be able to

operating system will be able to interact with and so the command to

interact with and so the command to format the drive would be sudo mkfs

format the drive would be sudo mkfs which is make file system i'm going to

which is make file system i'm going to use ext4 as the file system minus

use ext4 as the file system minus capital f along with the path of the new

capital f along with the path of the new disk so i'm going to hit on enter and no

disk so i'm going to hit on enter and no errors so i'm assuming that it was

errors so i'm assuming that it was successful so just to verify i'm going

successful so just to verify i'm going to run the sudo file minus s command and

to run the sudo file minus s command and as you can see here because the disk now

as you can see here because the disk now has a file system i've been given the

has a file system i've been given the information with regards to this disk

information with regards to this disk whereas before it was simply raw data

whereas before it was simply raw data and so now that we've created our disk

and so now that we've created our disk and we've formatted our disk to a file

and we've formatted our disk to a file system that the operating system is able

system that the operating system is able to read we need to now mount the disk

to read we need to now mount the disk and so in order to do that we need to

and so in order to do that we need to create a mount point so i'm going to

create a mount point so i'm going to first clear the screen and i'm going to

first clear the screen and i'm going to run the command sudo mkdir and the new

run the command sudo mkdir and the new mount point i'm going to call it slash

mount point i'm going to call it slash new pd i'm going to hit enter and now

new pd i'm going to hit enter and now i'm going to mount the disk and the

i'm going to mount the disk and the command for that is sudo mount the path

command for that is sudo mount the path for the block device which is forward

for the block device which is forward slash dev forward slash sdb and then the

slash dev forward slash sdb and then the mount point which is forward slash new

mount point which is forward slash new pd i'm going to hit enter no errors so

pd i'm going to hit enter no errors so i'm assuming that it had worked but just

i'm assuming that it had worked but just to verify i'm going to run the command

to verify i'm going to run the command lsblk

lsblk and success as you can see sdb has now

and success as you can see sdb has now been mounted as new pd and so now i can

been mounted as new pd and so now i can interact with this disk so the first

interact with this disk so the first thing i want to do is i want to change

thing i want to do is i want to change directories to this mount point i'm in

directories to this mount point i'm in now new pd i'm going to do an ls and so

now new pd i'm going to do an ls and so just as a note for those of you who are

just as a note for those of you who are wondering the lost and found directory

wondering the lost and found directory is found on each linux file system and

is found on each linux file system and this is designed to place orphaned or

this is designed to place orphaned or corrupted files or any corrupted bits of

corrupted files or any corrupted bits of data from the file system to be placed

data from the file system to be placed here and so it's not something that you

here and so it's not something that you would interact with but always a good to

would interact with but always a good to know so i'm going to now create a file

know so i'm going to now create a file in new pd so i'm going to run the

in new pd so i'm going to run the command sudo nano file a bow ties dot

command sudo nano file a bow ties dot text so file a bow ties is the file that

text so file a bow ties is the file that i'm going to create nano is my text

i'm going to create nano is my text editor and so i'm going to hit on enter

editor and so i'm going to hit on enter and so in this file i'm going to type in

and so in this file i'm going to type in bow ties are so classy

bow ties are so classy because after all they are i'm going to

because after all they are i'm going to hit ctrl o to save i'm going to hit

hit ctrl o to save i'm going to hit enter to verify it and ctrl x to exit so

enter to verify it and ctrl x to exit so if i do another ls i can see the file of

if i do another ls i can see the file of bow ties has been created also by

bow ties has been created also by running the command df minus k i'll be

running the command df minus k i'll be able to see the file system here as well

able to see the file system here as well and so this is the end of part one of

and so this is the end of part one of this demo it was getting a bit long so i

this demo it was getting a bit long so i decided to break it up this would be a

decided to break it up this would be a great opportunity for you to get up have

great opportunity for you to get up have a stretch get yourself a coffee or tea

a stretch get yourself a coffee or tea and whenever you're ready you can join

and whenever you're ready you can join me in the next one where part two will

me in the next one where part two will be starting immediately from the end of

be starting immediately from the end of part one

part one [Music]

[Music] welcome back this is part two of this

welcome back this is part two of this demo and we're gonna continue

demo and we're gonna continue immediately from the end of part one so

immediately from the end of part one so with that being said let's dive in and

with that being said let's dive in and so what i want to do now is i want to

so what i want to do now is i want to reboot the instance in order to

reboot the instance in order to demonstrate the mounting of this device

demonstrate the mounting of this device and i'm going to do that by using the

and i'm going to do that by using the command sudo reboot it's going to

command sudo reboot it's going to disconnect me i'm going to click on

disconnect me i'm going to click on close and i'm going to wait about a

close and i'm going to wait about a minute for it to reboot okay and it's

minute for it to reboot okay and it's been about a minute so i'm going to now

been about a minute so i'm going to now ssh into my instance

okay and here i am back again logged into my instance i'm going to quickly

into my instance i'm going to quickly clear the screen and i'm going to run

clear the screen and i'm going to run the lsblk command now what i wanted to

the lsblk command now what i wanted to demonstrate here is that although i

demonstrate here is that although i mounted the new device it did not stay

mounted the new device it did not stay mounted through the reboot and this is

mounted through the reboot and this is because there is a configuration file in

because there is a configuration file in linux that points to which partitions

linux that points to which partitions get mounted automatically upon startup

get mounted automatically upon startup that i need to edit in order to make

that i need to edit in order to make sure that this device is mounted every

sure that this device is mounted every time the instance reboots and so in

time the instance reboots and so in order to do that i need to edit a file

order to do that i need to edit a file called fstab and i'm going to have to

called fstab and i'm going to have to add the unique identifier for this

add the unique identifier for this partition also known as the device sdb

partition also known as the device sdb and this will mount the partition

and this will mount the partition automatically every time there happens

automatically every time there happens to be a reboot so in order to do that

to be a reboot so in order to do that i'm going to run the command sudo blk id

i'm going to run the command sudo blk id and the path of the block device forward

and the path of the block device forward slash dev forward slash sdb i'm going to

slash dev forward slash sdb i'm going to hit on enter and here is the identifier

hit on enter and here is the identifier also known as the uuid that i need to

also known as the uuid that i need to append to the fstab file so i'm going to

append to the fstab file so i'm going to copy the uuid

copy the uuid and i'm going to use the command

and i'm going to use the command sudo nano

sudo nano etc

etc fs tab and i'm going to hit on enter and

fs tab and i'm going to hit on enter and here you will find the uuid for your

here you will find the uuid for your other partitions and so you're going to

other partitions and so you're going to be appending a line here right at the

be appending a line here right at the end so i'm going to move my cursor down

end so i'm going to move my cursor down here i'm going to type in uuid equals

here i'm going to type in uuid equals and then the uuid that i had copied

and then the uuid that i had copied earlier the amount point which is going

earlier the amount point which is going to be forward slash new pd the type of

to be forward slash new pd the type of file system which is ext4 along with

file system which is ext4 along with defaults

defaults comma no fail i'm going to hit control o

comma no fail i'm going to hit control o to save hit enter to verify and control

to save hit enter to verify and control x to exit and so now i'm going to mount

x to exit and so now i'm going to mount this device by running the command sudo

this device by running the command sudo mount dash a and hit enter and this

mount dash a and hit enter and this command will mount all the partitions

command will mount all the partitions that are available in the fstab file and

that are available in the fstab file and so when i run a lsblk

so when i run a lsblk i can see here that my block device sdb

i can see here that my block device sdb is now mounted on forward slash new pd

is now mounted on forward slash new pd now i know this may be a refresher for

now i know this may be a refresher for some but this is a perfect demonstration

some but this is a perfect demonstration of the tasks that need to be done when

of the tasks that need to be done when creating and attaching a new disk to an

creating and attaching a new disk to an instance and is a common task for many

instance and is a common task for many working on linux instances and working

working on linux instances and working in cloud this can definitely be scripted

in cloud this can definitely be scripted but i wanted to show you the steps that

but i wanted to show you the steps that need to be taken in order to get a new

need to be taken in order to get a new disk in a usable state okay so great we

disk in a usable state okay so great we have created a new disk we had attached

have created a new disk we had attached the disk created a file system and had

the disk created a file system and had mounted the disk along with editing the

mounted the disk along with editing the configuration file to make sure that the

configuration file to make sure that the device mounts whenever the instance

device mounts whenever the instance starts up so now that we've done all

starts up so now that we've done all that i wanted to demonstrate resizing

that i wanted to demonstrate resizing this disk from 100 gigabytes to 150

this disk from 100 gigabytes to 150 gigabytes and so just to show you where

gigabytes and so just to show you where it is in the console i'm going to

it is in the console i'm going to quickly go back to my console tab and so

quickly go back to my console tab and so here i'm going to go to the left hand

here i'm going to go to the left hand menu i'm going to click on disks i'm

menu i'm going to click on disks i'm going to drill down into new pd and at

going to drill down into new pd and at the top i'm going to click on edit and

the top i'm going to click on edit and so here i'm able to adjust the disk

so here i'm able to adjust the disk space size and simply click on save not

space size and simply click on save not much that i really need to do here but i

much that i really need to do here but i did want to show you how to do this in

did want to show you how to do this in the command line so i'm going to go back

the command line so i'm going to go back to the tab of my instance and i'm going

to the tab of my instance and i'm going to quickly clear the screen and i'm

to quickly clear the screen and i'm going to paste in the command gcloud

going to paste in the command gcloud compute disks

compute disks resize the name of the disk which is new

resize the name of the disk which is new pd and the new size in gigabytes using

pd and the new size in gigabytes using the dash dash size flag 150 which is the

the dash dash size flag 150 which is the new size of the disc along with the dash

new size of the disc along with the dash dash zone flag of us east 1b i'm going

dash zone flag of us east 1b i'm going to hit enter it's going to ask me if i

to hit enter it's going to ask me if i want to do this as this is not

want to do this as this is not reversible and please remember when you

reversible and please remember when you resize a disk you can only make it

resize a disk you can only make it bigger and never smaller so i'm going to

bigger and never smaller so i'm going to hit y to continue

hit y to continue and it took a few seconds there but it

and it took a few seconds there but it was successful so if i run a df minus k

was successful so if i run a df minus k you can see here that i only have 100

you can see here that i only have 100 gigabytes available to me and this is

gigabytes available to me and this is because i have to extend the file system

because i have to extend the file system on the disk so i've made the disk larger

on the disk so i've made the disk larger but i haven't allocated those raw blocks

but i haven't allocated those raw blocks to the file system so in order for the

to the file system so in order for the file system to see those unallocated

file system to see those unallocated blocks that's available to it i need to

blocks that's available to it i need to run another command so i'm going to

run another command so i'm going to quickly clear my screen again

quickly clear my screen again and i'm going to run the command sudo

and i'm going to run the command sudo resize to fs along with the block device

resize to fs along with the block device i'm going to hit enter and as you can

i'm going to hit enter and as you can see it was successful showing the old

see it was successful showing the old blocks as 13 and the new blocks as 19.

blocks as 13 and the new blocks as 19. so if i run a df minus k i can now see

so if i run a df minus k i can now see my 150 gigabytes that's available to me

my 150 gigabytes that's available to me and so just to demonstrate after

and so just to demonstrate after resizing the disk along with mounting

resizing the disk along with mounting and then remounting the disk that the

and then remounting the disk that the file that i've created still exists i'm

file that i've created still exists i'm going to run an ls minus al but first i

going to run an ls minus al but first i will need to

will need to change directories into new pd clear my

change directories into new pd clear my screen and run an ls and phyla bow ties

screen and run an ls and phyla bow ties is still there and so this is a great

is still there and so this is a great example demonstrating how the data on

example demonstrating how the data on persistent disks persist through the

persistent disks persist through the lifetime of a disk even when mounting

lifetime of a disk even when mounting unmounting rebooting and resizing and so

unmounting rebooting and resizing and so as you can see we've done a lot of work

as you can see we've done a lot of work here and so just as a recap where we've

here and so just as a recap where we've created a new disk we attached this disk

created a new disk we attached this disk to an instance we formatted the disk

to an instance we formatted the disk into an ext4 file system we've mounted

into an ext4 file system we've mounted this disk we've written a file to it

this disk we've written a file to it added its unique identifier to the

added its unique identifier to the configuration file so that it mounts on

configuration file so that it mounts on startup and then we've resized the disk

startup and then we've resized the disk along with extending the file system on

along with extending the file system on the disk and so this is the end of the

the disk and so this is the end of the demo and i wanted to congratulate you on

demo and i wanted to congratulate you on making it to the end and i hope this

making it to the end and i hope this demo has been extremely useful and again

demo has been extremely useful and again fantastic job on your part now before

fantastic job on your part now before you go i wanted to quickly walk through

you go i wanted to quickly walk through the steps of deleting all the resources

the steps of deleting all the resources you've created and so the first thing

you've created and so the first thing that i want to do is delete the disk

that i want to do is delete the disk that was created for this demo and so

that was created for this demo and so before i can delete the disk i'm going

before i can delete the disk i'm going to first detach the disk from the

to first detach the disk from the instance and the easiest way to do that

instance and the easiest way to do that is through the command line so i'm going

is through the command line so i'm going to quickly clear my screen and so i'm

to quickly clear my screen and so i'm going to show you how to detach the disk

going to show you how to detach the disk from the instance and so i'm going to

from the instance and so i'm going to paste in this command gcloud compute

paste in this command gcloud compute instances detach disk the instance name

instances detach disk the instance name which is bow tie dash instance along

which is bow tie dash instance along with the disc with the flag dash dash

with the disc with the flag dash dash disc the name of the disc which is new

disc the name of the disc which is new pd along with the zone i'm going to hit

pd along with the zone i'm going to hit enter

enter and it's been successfully detached and

and it's been successfully detached and so now that it's detached i can actually

so now that it's detached i can actually delete the disk and so i'm going to head

delete the disk and so i'm going to head on over back to the console and i'm

on over back to the console and i'm going to go ahead and delete the new pd

going to go ahead and delete the new pd disk i'm going to click on delete i'm

disk i'm going to click on delete i'm going to get a prompt asking me if i'm

going to get a prompt asking me if i'm sure yes i am if i go back to the main

sure yes i am if i go back to the main menu for my disks and this should just

menu for my disks and this should just take a moment and once it's deleted you

take a moment and once it's deleted you will no longer see it here and i'm going

will no longer see it here and i'm going to go back over to vm instances and i'm

to go back over to vm instances and i'm going to delete this as well

and so there's no need to delete your default vpc unless you'd like to

default vpc unless you'd like to recreate it again but don't worry for

recreate it again but don't worry for those who decide to keep it you will not

those who decide to keep it you will not be charged for your vpc as we will be

be charged for your vpc as we will be using it in the next demo and so that's

using it in the next demo and so that's pretty much all i wanted to cover when

pretty much all i wanted to cover when it comes to managing disks with compute

it comes to managing disks with compute engine so you can now mark this as

engine so you can now mark this as complete and let's move on to the next

complete and let's move on to the next one

one [Music]

[Music] welcome back in this lesson i'll be

welcome back in this lesson i'll be discussing persistent disk snapshots now

discussing persistent disk snapshots now snapshots are a great way to backup data

snapshots are a great way to backup data from any running or stopped instances

from any running or stopped instances from unexpected data loss

from unexpected data loss snapshots are also a great strategy for

snapshots are also a great strategy for use in a backup plan for any and all

use in a backup plan for any and all instances no matter where they are

instances no matter where they are located and so as cloud engineers and

located and so as cloud engineers and architects this is a great tool for

architects this is a great tool for achieving the greatest uptime for your

achieving the greatest uptime for your instances so diving right into it

instances so diving right into it snapshots as i mentioned before are a

snapshots as i mentioned before are a great way for both backing up and

great way for both backing up and restoring the data of your persistent

restoring the data of your persistent disks you can create snapshots from

disks you can create snapshots from disks even while they are attached to

disks even while they are attached to running instances snapshots are global

running instances snapshots are global resources so any snapshot is accessible

resources so any snapshot is accessible by any resource within the same project

by any resource within the same project you can also share snapshots across

you can also share snapshots across projects as well snapshots also support

projects as well snapshots also support both zonal and regional persistent disks

both zonal and regional persistent disks snapshots are incremental and

snapshots are incremental and automatically compressed so you can

automatically compressed so you can create regular snapshots on a persistent

create regular snapshots on a persistent disk

disk faster and at a much lower cost than if

faster and at a much lower cost than if you regularly created a full image of a

you regularly created a full image of a disk now when you create a snapshot you

disk now when you create a snapshot you have the option of choosing a storage

have the option of choosing a storage location snapshots are stored in cloud

location snapshots are stored in cloud storage

storage and can be stored in either a

and can be stored in either a multi-regional location or a regional

multi-regional location or a regional cloud storage bucket a multi-regional

cloud storage bucket a multi-regional storage location provides higher

storage location provides higher availability but will drive up costs

availability but will drive up costs please be aware that the location of a

please be aware that the location of a snapshot affects its availability and

snapshot affects its availability and can incur

can incur networking costs when creating the

networking costs when creating the snapshot or restoring it to a new disk

snapshot or restoring it to a new disk if you do not specify storage location

if you do not specify storage location for a snapshot google cloud uses the

for a snapshot google cloud uses the default location which stores your

default location which stores your snapshot in a cloud storage

snapshot in a cloud storage multi-regional location closest to the

multi-regional location closest to the region of your source disk if you store

region of your source disk if you store your snapshot in the same region as your

your snapshot in the same region as your source disk there is no network charge

source disk there is no network charge when you access that snapshot from the

when you access that snapshot from the same region if you access the snapshot

same region if you access the snapshot from a different region you will incur a

from a different region you will incur a network cost compute engine stores

network cost compute engine stores multiple copies of each snapshot across

multiple copies of each snapshot across multiple locations as well you cannot

multiple locations as well you cannot change the storage location of an

change the storage location of an existing snapshot once a snapshot has

existing snapshot once a snapshot has been taken it can be used to create a

been taken it can be used to create a new disk in any region and zone

new disk in any region and zone regardless of the storage location of

regardless of the storage location of the snapshot now as i explained earlier

the snapshot now as i explained earlier snapshots are incremental and i wanted

snapshots are incremental and i wanted to take a moment to dive into that for

to take a moment to dive into that for just a minute so when creating snapshots

just a minute so when creating snapshots the first successful snapshot of a

the first successful snapshot of a persistent disk is a full snapshot that

persistent disk is a full snapshot that contains all the data on the persistent

contains all the data on the persistent disk the second snapshot only contains

disk the second snapshot only contains any new data or modify data since the

any new data or modify data since the first snapshot data that hasn't changed

first snapshot data that hasn't changed since snapshot 1 isn't included instead

since snapshot 1 isn't included instead snapshot 2 contains references to

snapshot 2 contains references to snapshot 1 for any unchanged data as

snapshot 1 for any unchanged data as shown here snapshot 3 contains any new

shown here snapshot 3 contains any new or changed data since snapshot 2 but

or changed data since snapshot 2 but won't contain any unchanged data from

won't contain any unchanged data from snapshot 1 or 2. instead snapshot 3

snapshot 1 or 2. instead snapshot 3 contains references to blocks in

contains references to blocks in snapshot 1 and snapshot 2 for any

snapshot 1 and snapshot 2 for any unchanged data this repeats for all

unchanged data this repeats for all subsequent snapshots of the persistent

subsequent snapshots of the persistent disk snapshots are always created based

disk snapshots are always created based on the last successful snapshot taken

on the last successful snapshot taken and so now you're probably wondering

and so now you're probably wondering what happens when you decide to delete a

what happens when you decide to delete a snapshot are they dependent on each

snapshot are they dependent on each other well when you delete a snapshot

other well when you delete a snapshot compute engine immediately marks the

compute engine immediately marks the snapshot as deleted in the system if the

snapshot as deleted in the system if the snapshot has no dependent snapshots it

snapshot has no dependent snapshots it is deleted outright however if the

is deleted outright however if the snapshot does have dependent snapshots

snapshot does have dependent snapshots then there are some steps that happen

then there are some steps that happen behind the scenes so shown here in this

behind the scenes so shown here in this diagram snapshot 2 is deleted the next

diagram snapshot 2 is deleted the next snapshot from the full snapshot no

snapshot from the full snapshot no longer references the snapshot for

longer references the snapshot for deletion in this example snapshot 1 then

deletion in this example snapshot 1 then becomes the reference for snapshot 3 and

becomes the reference for snapshot 3 and any data that is required for restoring

any data that is required for restoring other snapshots is moved into the next

other snapshots is moved into the next snapshot increasing its size shown here

snapshot increasing its size shown here blocks that were unique to snapshot 2

blocks that were unique to snapshot 2 are moved to snapshot 3 and the size of

are moved to snapshot 3 and the size of snapshot 3 increases any data that is

snapshot 3 increases any data that is not required for restoring other

not required for restoring other snapshots is deleted so in this case

snapshots is deleted so in this case blocks that are already in snapshot 3

blocks that are already in snapshot 3 are deleted from snapshot 2 and the size

are deleted from snapshot 2 and the size of all snapshots are lower now because

of all snapshots are lower now because subsequent snapshots might require

subsequent snapshots might require information stored in a previous

information stored in a previous snapshot

snapshot please be aware that deleting a snapshot

please be aware that deleting a snapshot does not necessarily delete all the data

does not necessarily delete all the data on the snapshot if you're looking to

on the snapshot if you're looking to make sure that your data has indeed been

make sure that your data has indeed been deleted from your snapshots you should

deleted from your snapshots you should delete all snapshots if your disk has a

delete all snapshots if your disk has a snapshot schedule you must detach the

snapshot schedule you must detach the snapshot schedule from the disk before

snapshot schedule from the disk before you can delete the schedule

you can delete the schedule removing the snapshot schedule from the

removing the snapshot schedule from the disk prevents further snapshot activity

disk prevents further snapshot activity from occurring

from occurring now touching on the topic of scheduled

now touching on the topic of scheduled snapshots by far the best way to backup

snapshots by far the best way to backup your data on compute engine is to use

your data on compute engine is to use scheduled snapshots this way you will

scheduled snapshots this way you will never have to worry about manually

never have to worry about manually creating snapshots or even worry about

creating snapshots or even worry about using other tools to kick off those

using other tools to kick off those snapshots you can simply use this

snapshots you can simply use this built-in tool by google which is why

built-in tool by google which is why snapshot schedules are considered best

snapshot schedules are considered best practice to backup any compute engine

practice to backup any compute engine persistent disks now in order to create

persistent disks now in order to create any snapshot schedules you must create

any snapshot schedules you must create your snapshot schedule in the same

your snapshot schedule in the same region where your persistent disk

region where your persistent disk resides now there are two ways to create

resides now there are two ways to create a snapshot schedule the first one is to

a snapshot schedule the first one is to create a snapshot schedule and then

create a snapshot schedule and then attach it to an existing persistent disk

attach it to an existing persistent disk the other way is to create a new

the other way is to create a new persistent disk with a snapshot schedule

persistent disk with a snapshot schedule you also have the option of setting up a

you also have the option of setting up a snapshot retention policy that defines

snapshot retention policy that defines how long you want to keep your snapshots

how long you want to keep your snapshots some options when creating snapshot

some options when creating snapshot schedules are both retention policies

schedules are both retention policies and source disk deletion rules now if

and source disk deletion rules now if you choose to set up a snapshot

you choose to set up a snapshot retention policy you must do it as part

retention policy you must do it as part of your snapshot schedule when you

of your snapshot schedule when you create a snapshot schedule is when you

create a snapshot schedule is when you can also set a source disk deletion rule

can also set a source disk deletion rule the source disk deletion rule controls

the source disk deletion rule controls what happens to your snapshots if the

what happens to your snapshots if the source disk is deleted now a few caveats

source disk is deleted now a few caveats here on the scheduled snapshots is that

here on the scheduled snapshots is that a persistent disk can only have one

a persistent disk can only have one snapshot schedule attached to it at a

snapshot schedule attached to it at a time also you cannot delete a snapshot

time also you cannot delete a snapshot schedule if it is attached to a disk you

schedule if it is attached to a disk you must detach the schedule from all disks

must detach the schedule from all disks then delete the schedule as well after

then delete the schedule as well after you create a snapshot schedule you

you create a snapshot schedule you cannot edit it to update a snapshot

cannot edit it to update a snapshot schedule you must delete it and create a

schedule you must delete it and create a new one now before i end this lesson i

new one now before i end this lesson i wanted to touch on managing snapshots

wanted to touch on managing snapshots for just a minute so when managing

for just a minute so when managing snapshots there's a few things to

snapshots there's a few things to remember in order to use snapshots to

remember in order to use snapshots to manage your data efficiently you can

manage your data efficiently you can snapshot your disks at most once every

snapshot your disks at most once every 10 minutes you are unable to snapshot

10 minutes you are unable to snapshot your disks at intervals less than 10

your disks at intervals less than 10 minutes so please keep that in mind when

minutes so please keep that in mind when creating your schedules also you should

creating your schedules also you should create snapshots on a regular schedule

create snapshots on a regular schedule to minimize data loss if there was an

to minimize data loss if there was an unexpected failure if you have existing

unexpected failure if you have existing snapshots of a persistent disk the

snapshots of a persistent disk the system automatically uses them as a

system automatically uses them as a baseline for any subsequent snapshots

baseline for any subsequent snapshots that you create from that same disk

that you create from that same disk so in order to improve performance you

so in order to improve performance you can eliminate excessive snapshots by

can eliminate excessive snapshots by creating an image and reusing it using

creating an image and reusing it using this method would not only be ideal for

this method would not only be ideal for storage and management of snapshots but

storage and management of snapshots but also help to reduce costs and if you

also help to reduce costs and if you schedule regular snapshots for your

schedule regular snapshots for your persistent disks you can reduce the time

persistent disks you can reduce the time that it takes to complete each snapshot

that it takes to complete each snapshot by creating them during off-peak hours

by creating them during off-peak hours when possible and lastly for those of

when possible and lastly for those of you who use windows for most situations

you who use windows for most situations you can use the volume shadow copy

you can use the volume shadow copy service to take snapshots of persistent

service to take snapshots of persistent disks that are attached to windows

disks that are attached to windows instances you can create vss snapshots

instances you can create vss snapshots without having to stop the instance or

without having to stop the instance or detach the persistent disk and so that's

detach the persistent disk and so that's pretty much all i wanted to cover when

pretty much all i wanted to cover when it comes to the theory of persistent

it comes to the theory of persistent disk snapshots their schedules and how

disk snapshots their schedules and how to manage them in the next lesson i'll

to manage them in the next lesson i'll be doing a hands-on demo

be doing a hands-on demo demonstrating snapshots and putting this

demonstrating snapshots and putting this theory into practice and get a feel for

theory into practice and get a feel for how snapshots work and how they can be

how snapshots work and how they can be applied to persistent disks so you can

applied to persistent disks so you can now mark this lesson as complete and

now mark this lesson as complete and whenever you're ready join me in the

whenever you're ready join me in the console

console [Music]

[Music] welcome back

welcome back in this demonstration we're going to

in this demonstration we're going to dive into snapshots and snapshot

dive into snapshots and snapshot schedules this demo will give you the

schedules this demo will give you the hands-on knowledge you need to create

hands-on knowledge you need to create and delete snapshots along with how to

and delete snapshots along with how to manage snapshot schedules we're going to

manage snapshot schedules we're going to start the demo off by creating an

start the demo off by creating an instance we're going to interact with it

instance we're going to interact with it and then take a snapshot of the disk

and then take a snapshot of the disk we're going to then create another

we're going to then create another instance from the snapshot and then

instance from the snapshot and then create some snapshot schedules for both

create some snapshot schedules for both of these instances by using both the

of these instances by using both the console and the command line so there's

console and the command line so there's a lot to do here so with that being said

a lot to do here so with that being said let's dive in and so i'm currently

let's dive in and so i'm currently logged in as tony bowties gmail.com as

logged in as tony bowties gmail.com as well i'm in project bowtie inc so the

well i'm in project bowtie inc so the first thing that we need to do to kick

first thing that we need to do to kick off this demo is to create an instance

off this demo is to create an instance but first as always i like to make sure

but first as always i like to make sure that i have a vpc to deploy my instance

that i have a vpc to deploy my instance into with its corresponding default

into with its corresponding default firewall rules and so i'm going to head

firewall rules and so i'm going to head on over to the navigation menu and

on over to the navigation menu and scroll down to vpc network

and because i didn't delete my default vpc from the last demo i still have it

vpc from the last demo i still have it here i'm just going to drill down and

here i'm just going to drill down and make sure that i have my firewall rules

make sure that i have my firewall rules i'm gonna go over to firewall rules and

i'm gonna go over to firewall rules and as expected the ssh firewall rule that i

as expected the ssh firewall rule that i need has already been created and so now

need has already been created and so now that i have everything in order i'm

that i have everything in order i'm gonna go back over to the navigation

gonna go back over to the navigation menu and head on over to compute engine

menu and head on over to compute engine to create my instance now i figure for

to create my instance now i figure for this demo i'd switch it up a little bit

this demo i'd switch it up a little bit and create the instance by the command

and create the instance by the command line so i'm going to head on over to

line so i'm going to head on over to cloud shell i'm going to open that up

cloud shell i'm going to open that up and it took a minute to provision and so

and it took a minute to provision and so what i'm going to do now is i'm going to

what i'm going to do now is i'm going to open it up in a new tab i'm going to

open it up in a new tab i'm going to zoom in for better viewing and i'm going

zoom in for better viewing and i'm going to paste in my command to create my

to paste in my command to create my instance and this gcloud command to

instance and this gcloud command to create these instances will be available

create these instances will be available in the github repository and you will

in the github repository and you will find all the instructions and the

find all the instructions and the commands

commands under managing snapshots in compute

under managing snapshots in compute engine so i'm going to hit enter

engine so i'm going to hit enter and you may get a prompt to authorize

and you may get a prompt to authorize this api call and i'm going to click on

this api call and i'm going to click on authorize

authorize and success our instance has been

and success our instance has been created and is up and running and so now

created and is up and running and so now what i want to do is ssh into the

what i want to do is ssh into the instance and so i'm just going to run

instance and so i'm just going to run the command from here which is gcloud

the command from here which is gcloud compute ssh dash dash zone the zone that

compute ssh dash dash zone the zone that i'm in which is used 1b and the instance

i'm in which is used 1b and the instance which is bowtie dash instance i'm going

which is bowtie dash instance i'm going to hit enter it's going to prompt me if

to hit enter it's going to prompt me if i want to continue i'm going to say yes

i want to continue i'm going to say yes and i'm going to enter my passphrase and

and i'm going to enter my passphrase and enter it again

enter it again it's going to update my metadata and

it's going to update my metadata and it's going to ask me again for my

it's going to ask me again for my passphrase and i'm in so i'm going to

passphrase and i'm in so i'm going to just quickly clear my screen and so the

just quickly clear my screen and so the first thing i want to do is i want to

first thing i want to do is i want to verify the name of my instance so i'm

verify the name of my instance so i'm going to type in the command hostname

going to type in the command hostname and as expected bowtie dash instance

and as expected bowtie dash instance shows up and so now i want to create a

shows up and so now i want to create a text file and so i'm going to run the

text file and so i'm going to run the command

command sudo nano file a

sudo nano file a text i'm going to hit enter and it's

text i'm going to hit enter and it's going to open up my nano text editor and

going to open up my nano text editor and you can enter a message of any kind that

you can enter a message of any kind that you'd like for me i'm going to enter

you'd like for me i'm going to enter more bow tie needed because you can

more bow tie needed because you can never get enough bow ties i'm going to

never get enough bow ties i'm going to hit ctrl o to save press enter to verify

hit ctrl o to save press enter to verify the file name to write and then ctrl x

the file name to write and then ctrl x to exit i'm going to run the command ls

to exit i'm going to run the command ls space minus al to list my files so i can

space minus al to list my files so i can verify that my file has been created and

verify that my file has been created and as you can see here file a bowties.txt

as you can see here file a bowties.txt has been created and so now that i've

has been created and so now that i've created my instance and i've written a

created my instance and i've written a file to disk i'm going to now head on

file to disk i'm going to now head on over to the console and take a snapshot

over to the console and take a snapshot of this disk and because my session was

of this disk and because my session was transferred to another tab i can now

transferred to another tab i can now close the terminal and you want to head

close the terminal and you want to head over to the left-hand menu and go to

over to the left-hand menu and go to disks and so now i want to show you two

disks and so now i want to show you two ways on how you can create this snapshot

ways on how you can create this snapshot the first one is going to disks and

the first one is going to disks and choosing the disk that you want for me

choosing the disk that you want for me it's bowtie instance and under actions

it's bowtie instance and under actions i'm going to click on the hamburger menu

i'm going to click on the hamburger menu and here i can create snapshot and this

and here i can create snapshot and this will bring me straight to my snapshot

will bring me straight to my snapshot menu but for this demo i'm going to go

menu but for this demo i'm going to go over to the left hand menu and i'm going

over to the left hand menu and i'm going to click on snapshots and here i'm going

to click on snapshots and here i'm going to click on create snapshot and so for

to click on create snapshot and so for the name of the snapshot i'm going to

the name of the snapshot i'm going to type in bowtie snapshot and i'm going to

type in bowtie snapshot and i'm going to use the same for the description moving

use the same for the description moving down on the source disk the only one

down on the source disk the only one that i can select is bow tie instance

that i can select is bow tie instance and that's the one that i want anyways

and that's the one that i want anyways so i'm going to click on that the

so i'm going to click on that the location in order to cut down on costs

location in order to cut down on costs we don't need multi-regional we're going

we don't need multi-regional we're going to just select regional and if you

to just select regional and if you select on the location i'm able to

select on the location i'm able to select any other locations like tokyo

select any other locations like tokyo and i can create my snapshot in tokyo

and i can create my snapshot in tokyo but i want to keep my snapshot in the

but i want to keep my snapshot in the same region so i'm going to go back and

same region so i'm going to go back and select us east one where it is based on

select us east one where it is based on the source disk location and i'm going

the source disk location and i'm going to add a label here with the key

to add a label here with the key environment and the value of testing i'm

environment and the value of testing i'm going to leave my encryption type as

going to leave my encryption type as google managed and i'm going to simply

google managed and i'm going to simply click on create and this will create a

click on create and this will create a snapshot of the boot disk on bow tie

snapshot of the boot disk on bow tie instance and that took about a minute

instance and that took about a minute there and so just as a note if you have

there and so just as a note if you have any bigger discs they will take a little

any bigger discs they will take a little bit longer to snapshot okay and now that

bit longer to snapshot okay and now that i've created my snapshot i'm going to go

i've created my snapshot i'm going to go back up to vm instances and i'm going to

back up to vm instances and i'm going to create a new instance from that snapshot

create a new instance from that snapshot and so i'm going to name this instance

and so i'm going to name this instance bowtie dash instance dash 2 and i'm

bowtie dash instance dash 2 and i'm going to give this a label i'm going to

going to give this a label i'm going to add a label here the key of environment

add a label here the key of environment and the value of testing and hit save

and the value of testing and hit save the region is going to be used 1 and you

the region is going to be used 1 and you can leave the zone as its default as us

can leave the zone as its default as us east 1b and under machine type you can

east 1b and under machine type you can select the e2 micro and you want to go

select the e2 micro and you want to go down to boot disk and select the change

down to boot disk and select the change button and here i'm going to select

button and here i'm going to select snapshots instead of using a public

snapshots instead of using a public image so i'm going to click on snapshots

image so i'm going to click on snapshots and if i select the snapshot drop down

and if i select the snapshot drop down menu i will see here my bowtie snapshot

menu i will see here my bowtie snapshot so i'm going to select this i'm going to

so i'm going to select this i'm going to leave the rest as default and i'm going

leave the rest as default and i'm going to go down to select and i'm going to

to go down to select and i'm going to leave everything else as its default and

leave everything else as its default and i'm going to click on create i'm going

i'm going to click on create i'm going to just give it a minute here so bowtie

to just give it a minute here so bowtie instance 2 can be created okay and it

instance 2 can be created okay and it took a minute there so now i'm going to

took a minute there so now i'm going to ssh into this instance

ssh into this instance and i'm going to zoom in for better

and i'm going to zoom in for better viewing and even though i know the

viewing and even though i know the instance is named bowtie.instance2

instance is named bowtie.instance2 i'm still going to run the hostname

i'm still going to run the hostname command and as expected the same name

command and as expected the same name pops up but what i was really curious

pops up but what i was really curious about is if i run the command ls space

about is if i run the command ls space dash al i can see here my file of file

dash al i can see here my file of file of bowties.text

of bowties.text and if i cat the file

and if i cat the file [Music]

[Music] i'll be able to see the text that i

i'll be able to see the text that i inputted into that file and so although

inputted into that file and so although it was only one file and a text file at

it was only one file and a text file at that i was able to verify that my

that i was able to verify that my snapshot had worked as there will be

snapshot had worked as there will be times where your snapshot can get

times where your snapshot can get corrupted and so doing some various spot

corrupted and so doing some various spot checks on your snapshots is some good

checks on your snapshots is some good common practice and so now i want to

common practice and so now i want to create a snapshot schedule for both of

create a snapshot schedule for both of these instances and so i'm going to go

these instances and so i'm going to go back to the console and on the left hand

back to the console and on the left hand menu i'm going to head down to snapshots

menu i'm going to head down to snapshots and if i go over to snapshot schedules

and if i go over to snapshot schedules you can see that i have no snapshot

you can see that i have no snapshot schedules so let's go ahead and create a

schedules so let's go ahead and create a new one by clicking on create snapshot

new one by clicking on create snapshot schedule and so as mentioned in the last

schedule and so as mentioned in the last lesson we need to create this schedule

lesson we need to create this schedule first before we can attach it to a disk

first before we can attach it to a disk and so i'm going to name this snapshot

and so i'm going to name this snapshot schedule as bow tie dash disk schedule

schedule as bow tie dash disk schedule i'm going to use the same for the

i'm going to use the same for the description the region i'm going to

description the region i'm going to select it as us east one and i'm going

select it as us east one and i'm going to keep the snapshot location as

to keep the snapshot location as regional under us east one you scroll

regional under us east one you scroll down here and under schedule options you

down here and under schedule options you can leave the schedule frequency as

can leave the schedule frequency as daily and just as a note for start time

daily and just as a note for start time this time is measured in utc so please

this time is measured in utc so please remember this when you're creating your

remember this when you're creating your schedule in your specific time zone and

schedule in your specific time zone and so i'm going to put the start time as o

so i'm going to put the start time as o 600 and this will be 1 am eastern

600 and this will be 1 am eastern standard time as backups are always best

standard time as backups are always best done when there is the least amount of

done when there is the least amount of activity and i'm going to keep the auto

activity and i'm going to keep the auto delete snapshots after 14 days i'm going

delete snapshots after 14 days i'm going to keep the deletion rule as keep

to keep the deletion rule as keep snapshots as well i can enable the

snapshots as well i can enable the volume shadow copy service for windows

volume shadow copy service for windows but since we're running linux i don't

but since we're running linux i don't need to enable this and since we labeled

need to enable this and since we labeled everything else i might as well give

everything else i might as well give this a label i'm going to use the key as

this a label i'm going to use the key as environment and the value of testing and

environment and the value of testing and once you've filled everything out then

once you've filled everything out then you can simply click on create and it

you can simply click on create and it took a minute there but the schedule was

took a minute there but the schedule was created and so now that i have my

created and so now that i have my snapshot schedule i need to attach it to

snapshot schedule i need to attach it to a disk so i'm going to head on over to

a disk so i'm going to head on over to the left hand menu and click on disks

the left hand menu and click on disks and here i'm going to drill down into

and here i'm going to drill down into bow tie instance i'm going to go up to

bow tie instance i'm going to go up to the top and click on edit and under

the top and click on edit and under snapshot schedule i'm going to click on

snapshot schedule i'm going to click on the drop down and here i will find bow

the drop down and here i will find bow tie disk schedule i'm going to select

tie disk schedule i'm going to select that i'm going to click on save and so

that i'm going to click on save and so now that i have my snapshot schedule

now that i have my snapshot schedule attached to my disk for the bowtie

attached to my disk for the bowtie instance instance i now want to create a

instance instance i now want to create a snapshot schedule for my other instance

snapshot schedule for my other instance and so instead of using the console i'm

and so instead of using the console i'm going to go ahead and do it through the

going to go ahead and do it through the command line so i'm going to go up to

command line so i'm going to go up to the top to my open shell and i'm going

the top to my open shell and i'm going to quickly clear the screen and so in

to quickly clear the screen and so in order to create my schedule i'm going to

order to create my schedule i'm going to run this command gcloud compute resource

run this command gcloud compute resource policies create snapshot schedule the

policies create snapshot schedule the name of the snapshot schedule which is

name of the snapshot schedule which is bow tie disk schedule 2 the region the

bow tie disk schedule 2 the region the maximum retention days the retention

maximum retention days the retention policy and the schedule followed by the

policy and the schedule followed by the storage location and like i said before

storage location and like i said before these commands you will find in the

these commands you will find in the github repository so i'm going to go

github repository so i'm going to go ahead and hit enter

ahead and hit enter and so i wanted to leave this error in

and so i wanted to leave this error in here to show you that i needed the

here to show you that i needed the proper permissions in order to create

proper permissions in order to create this snapshot schedule a great reminder

this snapshot schedule a great reminder to always check if you have the right

to always check if you have the right role for the task at hand and so i have

role for the task at hand and so i have two options i can either change users

two options i can either change users from my service account user to tony

from my service account user to tony bowtie or i can simply head on over to

bowtie or i can simply head on over to my instance and edit the service account

my instance and edit the service account permissions and so the easiest way to do

permissions and so the easiest way to do it would be to just switch users and so

it would be to just switch users and so i'm going to go ahead and do that so i'm

i'm going to go ahead and do that so i'm going to go ahead and run the command

going to go ahead and run the command gcloud auth login and remember that this

gcloud auth login and remember that this is something that you don't have to do i

is something that you don't have to do i merely wanted to show you that you

merely wanted to show you that you require the proper permissions on

require the proper permissions on creation of specific resources okay and

creation of specific resources okay and i quickly went through the

i quickly went through the authentication process i'm gonna just

authentication process i'm gonna just clear my screen and i'm going to go

clear my screen and i'm going to go ahead and run the command again

ahead and run the command again and as expected the snapshot schedule

and as expected the snapshot schedule was created with no errors and so now

was created with no errors and so now that my schedule has been created i can

that my schedule has been created i can now attach it to the disk so i'm going

now attach it to the disk so i'm going to run the command gcloud compute disks

to run the command gcloud compute disks add resource policies the instance name

add resource policies the instance name which is bowtie instance 2 and the

which is bowtie instance 2 and the resource policy which is the snapshot

resource policy which is the snapshot schedule named as bowtie disk schedule 2

schedule named as bowtie disk schedule 2 in the zone of us east 1b i'm going to

in the zone of us east 1b i'm going to hit enter

hit enter and success and so just to verify that

and success and so just to verify that the snapshot schedule has been attached

the snapshot schedule has been attached to my disk i'm going to go back to the

to my disk i'm going to go back to the console i'm going to head back on over

console i'm going to head back on over to the main page of disks i'm going to

to the main page of disks i'm going to drill down into bow tie instance 2 and

drill down into bow tie instance 2 and here it is the snapshot schedule has

here it is the snapshot schedule has been attached and so i want to

been attached and so i want to congratulate you on making it to the end

congratulate you on making it to the end of this demo and i hope this demo has

of this demo and i hope this demo has been useful as snapshots in the role of

been useful as snapshots in the role of an engineer is a common task that can

an engineer is a common task that can save you from any data loss once set

save you from any data loss once set into place and so just as a recap you've

into place and so just as a recap you've created an instance you created a file

created an instance you created a file on that instance and then you've created

on that instance and then you've created a snapshot of the disk of that instance

a snapshot of the disk of that instance and used it to create another instance

and used it to create another instance you then verified the snapshot and then

you then verified the snapshot and then created a snapshot schedule for both

created a snapshot schedule for both boot disks of the instances using the

boot disks of the instances using the console and the command line well done

console and the command line well done on another great job now before you go i

on another great job now before you go i wanted to take a moment to clean up any

wanted to take a moment to clean up any resources we've used so we don't

resources we've used so we don't accumulate any costs and so the first

accumulate any costs and so the first thing we want to do is we want to detach

thing we want to do is we want to detach the snapshot schedules from the disks

the snapshot schedules from the disks and so since we're in bow tie instance 2

and so since we're in bow tie instance 2 i'm going to go ahead and click on edit

i'm going to go ahead and click on edit under snapshot schedule i'm going to

under snapshot schedule i'm going to select the no schedule hit save and i'm

select the no schedule hit save and i'm going to do the same thing with my other

going to do the same thing with my other disk

now i'm going to head back on over to snapshots i'm going to delete this

snapshots i'm going to delete this snapshot and i'm going to head back on

snapshot and i'm going to head back on over to snapshot schedules i'm going to

over to snapshot schedules i'm going to select all the snapshot schedules and

select all the snapshot schedules and i'm going to click on delete

i'm going to click on delete and now that everything's cleaned up

and now that everything's cleaned up with regards to snapshots and snapshot

with regards to snapshots and snapshot schedules i can now go over to vm

schedules i can now go over to vm instances and delete the instances

instances and delete the instances i'm going to select them all and simply

i'm going to select them all and simply click on delete

and so that's pretty much all i wanted to cover in this demo when it comes to

to cover in this demo when it comes to snapshots and snapshot schedules

snapshots and snapshot schedules so you can now mark this as complete and

so you can now mark this as complete and let's move on to the next one

welcome back in this lesson we're going to switch gears and take an automated

to switch gears and take an automated approach to deployment by diving into

approach to deployment by diving into google's tool for infrastructure as code

google's tool for infrastructure as code called deployment manager now deployment

called deployment manager now deployment manager allows you to deploy

manager allows you to deploy update and tear down resources from

update and tear down resources from within google cloud using yaml jinja and

within google cloud using yaml jinja and python code templates it allows you to

python code templates it allows you to automate the deployment of all the

automate the deployment of all the resources that are available in google

resources that are available in google cloud and deploy it in a fast easy and

cloud and deploy it in a fast easy and repeatable way for consistency and

repeatable way for consistency and efficiency in this lesson we're going to

efficiency in this lesson we're going to explore the architecture of deployment

explore the architecture of deployment manager and dive into all the different

manager and dive into all the different components that gives it its flexibility

components that gives it its flexibility and the features that make this tool an

and the features that make this tool an easy solution for deploying complex

easy solution for deploying complex environments so with that being said

environments so with that being said let's dive in

let's dive in now breaking down the components that i

now breaking down the components that i mentioned earlier i wanted to start off

mentioned earlier i wanted to start off with the first component being the

with the first component being the configuration now a configuration

configuration now a configuration defines the structure of your deployment

defines the structure of your deployment as you must specify a configuration to

as you must specify a configuration to create a deployment a configuration

create a deployment a configuration describes all the resources you want for

describes all the resources you want for a single deployment and is written in

a single deployment and is written in yaml syntax that lists each of the

yaml syntax that lists each of the resources you want to create and its

resources you want to create and its respective resource properties a

respective resource properties a configuration must contain a resources

configuration must contain a resources section followed by the list of

section followed by the list of resources to create and so each resource

resources to create and so each resource must contain these three components the

must contain these three components the name the type and properties without

name the type and properties without these three components a deployment will

these three components a deployment will not instantiate and so i wanted to take

not instantiate and so i wanted to take a moment to go over these three

a moment to go over these three components in a bit of depth so the

components in a bit of depth so the first component of the configuration is

first component of the configuration is the name and the name is a user defined

the name and the name is a user defined string to identify this resource and can

string to identify this resource and can be anything you choose from names like

be anything you choose from names like instance one my-vm

instance one my-vm bowtie dash instance and you can even go

bowtie dash instance and you can even go as far to use larks dash instance dash

as far to use larks dash instance dash don't dash touch and the syntax can be

don't dash touch and the syntax can be found here and must not contain any

found here and must not contain any spaces or invalid characters next

spaces or invalid characters next component in a configuration is type and

component in a configuration is type and there are a couple of different types

there are a couple of different types that you can choose from a type can

that you can choose from a type can represent a single api source known as a

represent a single api source known as a base type

base type or a set of resources known as a

or a set of resources known as a composite type and either one of these

composite type and either one of these can be used to create part of your

can be used to create part of your deployment the type of the resource

deployment the type of the resource being deployed here in this diagram is

being deployed here in this diagram is shown as a base type of

shown as a base type of compute.v1.instance

compute.v1.instance and there are many other api resources

and there are many other api resources that can be used such as compute.v1.disk

that can be used such as compute.v1.disk app engine dot v1 as well as

app engine dot v1 as well as bigquery.v2 and the syntax is shown here

bigquery.v2 and the syntax is shown here as api dot version dot resource now a

as api dot version dot resource now a composite type contains one or more

composite type contains one or more templates that are pre-configured to

templates that are pre-configured to work together these templates expand to

work together these templates expand to a set of base types when deployed in a

a set of base types when deployed in a deployment composite types are

deployment composite types are essentially hosted templates that you

essentially hosted templates that you can add to deployment manager the syntax

can add to deployment manager the syntax is shown here as gcp dash types forward

is shown here as gcp dash types forward slash provider colon resource and to

slash provider colon resource and to give you an example of what a composite

give you an example of what a composite type looks like

type looks like here is shown the creation of a reserved

here is shown the creation of a reserved ip address using the compute engine v1

ip address using the compute engine v1 api and you could also use composite

api and you could also use composite types with other apis in the same way

types with other apis in the same way such as gcp dash types forward slash app

such as gcp dash types forward slash app engine dash v1 colon apps or bigquery

engine dash v1 colon apps or bigquery v2 colon data sets and for the last

v2 colon data sets and for the last component in a configuration is

component in a configuration is properties and this is the parameters

properties and this is the parameters for the resource type this includes all

for the resource type this includes all the parameters you see here in this

the parameters you see here in this example including the zone

example including the zone machine type the type of disk along with

machine type the type of disk along with its parameters pretty much everything

its parameters pretty much everything that gives detail on the resource type

that gives detail on the resource type now just as a note they must match the

now just as a note they must match the properties for this type so what do i

properties for this type so what do i mean by this so let's say you entered a

mean by this so let's say you entered a zone but that particular zone doesn't

zone but that particular zone doesn't exist or that compute engine machine

exist or that compute engine machine type doesn't exist in that zone you will

type doesn't exist in that zone you will end up getting an error as deployment

end up getting an error as deployment manager will not be able to parse this

manager will not be able to parse this configuration and thus failing

configuration and thus failing deployment so make sure when you add

deployment so make sure when you add your properties that they match those of

your properties that they match those of the resource now a configuration can

the resource now a configuration can contain templates which are essentially

contain templates which are essentially parts of the configuration file that

parts of the configuration file that have been abstracted into individual

have been abstracted into individual building blocks a template is a separate

building blocks a template is a separate file that is imported and used as a type

file that is imported and used as a type in a configuration and you can use as

in a configuration and you can use as many templates as you want in a

many templates as you want in a configuration and allow you to separate

configuration and allow you to separate your configuration out into different

your configuration out into different pieces that you can use and reuse across

pieces that you can use and reuse across different deployments templates can be

different deployments templates can be as generalized or specific as you need

as generalized or specific as you need and they also allow you to take

and they also allow you to take advantage of features like template

advantage of features like template properties environment variables and

properties environment variables and modules to create dynamic configuration

modules to create dynamic configuration as shown here templates can be written

as shown here templates can be written in a couple of different ways they can

in a couple of different ways they can be written in either ginger 2.1 or

be written in either ginger 2.1 or python 3. the example shown on the left

python 3. the example shown on the left has been written in ginger and is very

has been written in ginger and is very similar to the yaml syntax so if you're

similar to the yaml syntax so if you're familiar with yaml this might be better

familiar with yaml this might be better for you the example on the right has

for you the example on the right has been written in python and is pretty

been written in python and is pretty amazing as you can take advantage of

amazing as you can take advantage of programmatically generating parts of

programmatically generating parts of your templates if you are familiar with

your templates if you are familiar with python this might be a better format for

python this might be a better format for you now one of the advantages of using

you now one of the advantages of using templates is the ability to create and

templates is the ability to create and define custom template properties

define custom template properties template properties are arbitrary

template properties are arbitrary variables that you define in template

variables that you define in template files any configuration file or template

files any configuration file or template file that uses the template in question

file that uses the template in question can provide a value for the template

can provide a value for the template property without changing the template

property without changing the template directly this lets you abstract the

directly this lets you abstract the property so that you can change the

property so that you can change the property's value for each unique

property's value for each unique configuration without updating the

configuration without updating the underlying template and just as a note

underlying template and just as a note deployment manager creates predefined

deployment manager creates predefined environment variables that you can use

environment variables that you can use in your deployment in this example the

in your deployment in this example the project variable will use the project id

project variable will use the project id for this specific project and so

for this specific project and so combining all these components together

combining all these components together will give you a deployment and so a

will give you a deployment and so a deployment is a collection of resources

deployment is a collection of resources that are deployed and managed together

that are deployed and managed together using a configuration you can then

using a configuration you can then deploy update or delete this deployment

deploy update or delete this deployment by merely changing some code or at the

by merely changing some code or at the click of a button now when you deploy

click of a button now when you deploy you provide a valid configuration in the

you provide a valid configuration in the request to create the deployment a

request to create the deployment a deployment can contain a number of

deployment can contain a number of resources across a number of google

resources across a number of google cloud services when you create a

cloud services when you create a deployment deployment manager creates

deployment deployment manager creates all of the described resources to deploy

all of the described resources to deploy a configuration it must be done through

a configuration it must be done through the command line and cannot be done

the command line and cannot be done through the console you can simply use

through the console you can simply use the syntax shown here and a deployment

the syntax shown here and a deployment will be instantiated from the

will be instantiated from the configuration file that you have entered

configuration file that you have entered where bow tie deploy is the name of the

where bow tie deploy is the name of the deployment and the file after the dash

deployment and the file after the dash dash config is your configuration file

dash config is your configuration file google cloud also offers pre-defined

google cloud also offers pre-defined templates that you can use to deploy

templates that you can use to deploy from the gcp marketplace and can be

from the gcp marketplace and can be found right in the console of deployment

found right in the console of deployment manager this way all the configuration

manager this way all the configuration and template creation is handled for you

and template creation is handled for you and you just deploy the solution through

and you just deploy the solution through the console now after you've created a

the console now after you've created a deployment you can update it whenever

deployment you can update it whenever you need to you can update a deployment

you need to you can update a deployment by adding or removing resources from a

by adding or removing resources from a deployment or updating the properties of

deployment or updating the properties of existing resources in a deployment a

existing resources in a deployment a single update can contain any

single update can contain any combination of these changes so you can

combination of these changes so you can make changes to the properties of

make changes to the properties of existing resources and add new resources

existing resources and add new resources in the same request you update your

in the same request you update your deployment by first making changes to

deployment by first making changes to your configuration file or you can

your configuration file or you can create a configuration file with the

create a configuration file with the changes you want you will then have the

changes you want you will then have the option to pick the policies to use for

option to pick the policies to use for your updates or you can use the default

your updates or you can use the default policies and finally you then make the

policies and finally you then make the update request to deployment manager and

update request to deployment manager and so once you've launched your deployment

so once you've launched your deployment each deployment has a corresponding

each deployment has a corresponding manifest as the example shown here a

manifest as the example shown here a manifest is a read-only property that

manifest is a read-only property that describes all the resources in your

describes all the resources in your deployment and is automatically created

deployment and is automatically created with each new deployment manifests

with each new deployment manifests cannot be modified after they have been

cannot be modified after they have been created as well it's not the same as a

created as well it's not the same as a configuration file but is created based

configuration file but is created based on the configuration file and so when

on the configuration file and so when you delete a deployment all resources

you delete a deployment all resources that are part of the deployment are also

that are part of the deployment are also deleted if you want to delete specific

deleted if you want to delete specific resources from your deployment and keep

resources from your deployment and keep the rest delete those resources from

the rest delete those resources from your configuration file and update the

your configuration file and update the deployment instead

deployment instead and so as you can see here deployment

and so as you can see here deployment manager gives you a slew of different

manager gives you a slew of different options to deploy update or delete

options to deploy update or delete resources simultaneously in google cloud

resources simultaneously in google cloud now like most services in gcp there are

now like most services in gcp there are always some best practices to follow

always some best practices to follow note that there are many more best

note that there are many more best practices to add to this and can be

practices to add to this and can be found in the documentation which i will

found in the documentation which i will be providing the link to in the lesson

be providing the link to in the lesson text but i did want to point out some

text but i did want to point out some important ones to remember so the first

important ones to remember so the first one i wanted to bring up is to break

one i wanted to bring up is to break your configurations up into logical

your configurations up into logical units so for example you should create

units so for example you should create separate configurations for networking

separate configurations for networking services security services and compute

services security services and compute services so this way each team will be

services so this way each team will be able to easily take care of their own

able to easily take care of their own domain without having to sift through a

domain without having to sift through a massive template containing the code to

massive template containing the code to the entire environment another best

the entire environment another best practice to follow is to use references

practice to follow is to use references and references should be used for values

and references should be used for values that are not defined until a resource is

that are not defined until a resource is created such as resources self-link ip

created such as resources self-link ip address or system generated id without

address or system generated id without references deployment manager creates

references deployment manager creates all resources in parallel so there's no

all resources in parallel so there's no guarantee that dependent resources are

guarantee that dependent resources are created in the correct order using

created in the correct order using references would enforce the order in

references would enforce the order in which resources are created the next one

which resources are created the next one is to preview your deployments using the

is to preview your deployments using the preview flag so you should always

preview flag so you should always preview your deployments to assess how

preview your deployments to assess how making an update will affect your

making an update will affect your deployment deployment manager does not

deployment deployment manager does not actually deploy resources when you

actually deploy resources when you preview a configuration but runs a mock

preview a configuration but runs a mock deployment of those resources instead

deployment of those resources instead this gives you the opportunity to see

this gives you the opportunity to see the changes to your deployment before

the changes to your deployment before committing to it you also want to

committing to it you also want to consider automating the creation of

consider automating the creation of projects as well as automating the

projects as well as automating the creation of resources contained within

creation of resources contained within the projects and this enables you to

the projects and this enables you to adopt an infrastructure as code approach

adopt an infrastructure as code approach for project provisioning this will allow

for project provisioning this will allow you to provide a series of predefined

you to provide a series of predefined project environments that can be quickly

project environments that can be quickly and easily provisioned it will also

and easily provisioned it will also allow you to use version control to

allow you to use version control to manage your base project configuration

manage your base project configuration and it will also allow you to deploy

and it will also allow you to deploy reproducible and consistent project

reproducible and consistent project configurations and lastly using a

configurations and lastly using a version control system as part of the

version control system as part of the development process for your deployments

development process for your deployments is a great best practice to follow as it

is a great best practice to follow as it allows you to fall back to a previous

allows you to fall back to a previous known good configuration it provides an

known good configuration it provides an audit trail for changes as well it uses

audit trail for changes as well it uses the configuration as part of a

the configuration as part of a continuous deployment system now as

continuous deployment system now as you've seen here in this lesson

you've seen here in this lesson deployment manager can be a powerful

deployment manager can be a powerful tool in your tool belt when it comes to

tool in your tool belt when it comes to implementing infrastructure as code and

implementing infrastructure as code and it has endless possibilities that you

it has endless possibilities that you can explore on your own it can also

can explore on your own it can also provide a massive push

provide a massive push towards devops practices and head down

towards devops practices and head down the path of continuous automation

the path of continuous automation through continuous integration

through continuous integration continuous delivery and continuous

continuous delivery and continuous deployment and so that's pretty much all

deployment and so that's pretty much all i wanted to cover when it comes to

i wanted to cover when it comes to deployment manager and so whenever

deployment manager and so whenever you're ready join me in the next one

you're ready join me in the next one where we will go hands-on in a

where we will go hands-on in a demonstration to deploy a configuration

demonstration to deploy a configuration in deployment manager so you can now

in deployment manager so you can now mark this lesson as complete and

mark this lesson as complete and whenever you're ready join me in the

whenever you're ready join me in the console

console [Music]

[Music] welcome back in this demonstration we're

welcome back in this demonstration we're gonna go hands-on with deployment

gonna go hands-on with deployment manager and deploy a small web server

manager and deploy a small web server we're gonna first use the google cloud

we're gonna first use the google cloud editor to copy in our code and we're

editor to copy in our code and we're gonna then do a dry run and then finally

gonna then do a dry run and then finally deploy our code we're gonna then do a

deploy our code we're gonna then do a walkthrough of deployment manager in the

walkthrough of deployment manager in the console and go through the manifest as

console and go through the manifest as well as some of the other features we're

well as some of the other features we're then going to verify all the deployed

then going to verify all the deployed resources and we get to do an easy

resources and we get to do an easy cleanup in the end by hitting the delete

cleanup in the end by hitting the delete button and taking care of removing any

button and taking care of removing any resources that were created so there's

resources that were created so there's quite a bit to go through here and so

quite a bit to go through here and so with that being said let's dive in and

with that being said let's dive in and so as you can see here i am logged in as

so as you can see here i am logged in as tonybowties gmail.com in the project of

tonybowties gmail.com in the project of bowtie inc now since we're going to be

bowtie inc now since we're going to be doing most of our work in code the first

doing most of our work in code the first thing that we want to do is go to the

thing that we want to do is go to the google cloud editor so i'm going to go

google cloud editor so i'm going to go up here to the top and open up cloud

up here to the top and open up cloud shell and i'm going to then click on the

shell and i'm going to then click on the button open editor i'm going to make

button open editor i'm going to make this full screen for better viewing and

this full screen for better viewing and so in order to get the terminal in the

so in order to get the terminal in the same viewing pane as the editor i'm

same viewing pane as the editor i'm going to simply go up to the top menu

going to simply go up to the top menu and click on terminal and select new

and click on terminal and select new terminal now for better viewing and this

terminal now for better viewing and this is totally optional for you i'm going to

is totally optional for you i'm going to change the color theme into a dark mode

change the color theme into a dark mode and so i'm going to go up to the menu

and so i'm going to go up to the menu click on file go down to settings and go

click on file go down to settings and go over to color theme and i'm going to

over to color theme and i'm going to select dark visual studio and for those

select dark visual studio and for those of you who are working in visual studio

of you who are working in visual studio code this may look very familiar to you

code this may look very familiar to you and i'm also going to increase the font

and i'm also going to increase the font size by again going back up to file over

size by again going back up to file over to settings and then over to open

to settings and then over to open preferences here under workspace and

preferences here under workspace and then scroll down to terminal

then scroll down to terminal and if you scroll down to integrated

and if you scroll down to integrated font size i'm going to adjust the font

font size i'm going to adjust the font size to 20 for better viewing and my

size to 20 for better viewing and my cloud shell font size is a little bit

cloud shell font size is a little bit easier to see and so once you've done

easier to see and so once you've done that you can then close the preferences

that you can then close the preferences tab and we're now ready to create files

tab and we're now ready to create files in our editor okay so next up i want to

in our editor okay so next up i want to create a folder for all my files to live

create a folder for all my files to live in so i'm going to go up to the menu

in so i'm going to go up to the menu here i'm going to select on file and

here i'm going to select on file and select new folder and i'm going to

select new folder and i'm going to rename this folder as templates and hit

rename this folder as templates and hit ok and so now that we have the folder

ok and so now that we have the folder that all of our files are going to live

that all of our files are going to live in the next step is to open up the

in the next step is to open up the github repository in your text editor

github repository in your text editor and have your files ready to copy over

and have your files ready to copy over and so just as a note for those who are

and so just as a note for those who are fluent in how to use git

fluent in how to use git you can use this new feature in the

you can use this new feature in the cloud shell editor to clone the course

cloud shell editor to clone the course repo without having to recreate the

repo without having to recreate the files so i'm going to go over my text

files so i'm going to go over my text editor and make sure that you've

editor and make sure that you've recently done a git pull we're going to

recently done a git pull we're going to open up the files under compute engine

open up the files under compute engine deployment manager and you'll see

deployment manager and you'll see templates with a set of three files and

templates with a set of three files and i've already conveniently opened them up

i've already conveniently opened them up i'm going to go up to bow tie

i'm going to go up to bow tie deploy.yaml and this is going to be the

deploy.yaml and this is going to be the configuration file that i'm going to be

configuration file that i'm going to be copying over and once i finish copying

copying over and once i finish copying all these files over i'll be going

all these files over i'll be going through this in a little bit of detail

through this in a little bit of detail just so you can understand the format of

just so you can understand the format of this configuration and so i'm going to

this configuration and so i'm going to select all of this i'm going to copy

select all of this i'm going to copy this head back on over to the editor and

this head back on over to the editor and here i'm going to select file new file

here i'm going to select file new file so i'm going to rename this as bow tie

so i'm going to rename this as bow tie dash deploy dot yaml hit okay and i'm

dash deploy dot yaml hit okay and i'm going to paste in my code and so this

going to paste in my code and so this configuration file is showing that i'm

configuration file is showing that i'm going to be importing two templates by

going to be importing two templates by the name of bowtie.webserver.jinja

the name of bowtie.webserver.jinja as well as

as well as bowtie.network.jinja so i'm going to

bowtie.network.jinja so i'm going to have a template for my web server and a

have a template for my web server and a template for the network and under

template for the network and under resources as you can see this code here

resources as you can see this code here will create my bow tie dash web server

will create my bow tie dash web server the type is going to be the template the

the type is going to be the template the properties will have the zone the

properties will have the zone the machine type as well as a reference for

machine type as well as a reference for the network as well underneath the

the network as well underneath the bowtie web server is the bowtie network

bowtie web server is the bowtie network and again this is pulling from type

and again this is pulling from type bowtie.network.jinja

bowtie.network.jinja so this is a another template file and

so this is a another template file and under the properties we have the region

under the properties we have the region of us east one and so we're going to

of us east one and so we're going to copy over these two templates bowtie web

copy over these two templates bowtie web server and bowtie network as we need

server and bowtie network as we need both of these templates in order to

both of these templates in order to complete this deployment and so i'm

complete this deployment and so i'm going to go ahead and do that now head

going to go ahead and do that now head back on over to my code editor i'm going

back on over to my code editor i'm going to go to bowtie web server i'm going to

to go to bowtie web server i'm going to copy everything here back to my editor

copy everything here back to my editor and i'm going to create the new file

and i'm going to create the new file called bowtie

called bowtie web server it's going to be dot jinja

web server it's going to be dot jinja hit enter i'm going to paste the code in

hit enter i'm going to paste the code in and just to do a quick run through of

and just to do a quick run through of the template the instance name is going

the template the instance name is going to be bow tie dash website the type is

to be bow tie dash website the type is compute.v1.instance

compute.v1.instance and as you can see here we are using a

and as you can see here we are using a bunch of different properties here under

bunch of different properties here under zone we have property zone which is

zone we have property zone which is going to reference back to the yaml

going to reference back to the yaml template here under zone you will see us

template here under zone you will see us east 1b and so this way if i have to

east 1b and so this way if i have to create another web server

create another web server i can enter whatever zone i like here in

i can enter whatever zone i like here in the configuration file and leave the bow

the configuration file and leave the bow tie dash web server template just the

tie dash web server template just the way it is under machine type i have

way it is under machine type i have variables set for both the zone and

variables set for both the zone and machine type under disks i'm going to

machine type under disks i'm going to have the device name as an environment

have the device name as an environment variable and it's going to be a

variable and it's going to be a persistent disk and the source image is

persistent disk and the source image is going to be debian9 i also put in some

going to be debian9 i also put in some metadata here that will bring up the web

metadata here that will bring up the web server and lastly i have a network tag

server and lastly i have a network tag of http server as well as the

of http server as well as the configuration for the network interface

configuration for the network interface the network referring to bowtie dash

the network referring to bowtie dash network and a sub network called public

network and a sub network called public which i will be showing to you in just a

which i will be showing to you in just a moment and as well the access configs of

moment and as well the access configs of the type one to one nat and this will

the type one to one nat and this will give the instance a public ip address

give the instance a public ip address and so now that we've gone through that

and so now that we've gone through that template we need to create one last

template we need to create one last template which is the bowtie dash

template which is the bowtie dash network so i'm going to head back on

network so i'm going to head back on over to my code editor and open up

over to my code editor and open up bowtie network select the code copy it

bowtie network select the code copy it back over to cloud editor and i'm going

back over to cloud editor and i'm going to create a new file call this bowtie

to create a new file call this bowtie network dot jinja hit enter paste in my

network dot jinja hit enter paste in my code and to quickly walk you through

code and to quickly walk you through this we're going to be creating a new

this we're going to be creating a new custom network called bow tie dash

custom network called bow tie dash network the type is going to be

network the type is going to be compute.v1.network

compute.v1.network as the vpc uses the compute engine api

as the vpc uses the compute engine api it's going to be a custom network so the

it's going to be a custom network so the value of the auto create sub networks is

value of the auto create sub networks is going to be false the name is going to

going to be false the name is going to be public here we have the custom

be public here we have the custom ipcider range and you can also use this

ipcider range and you can also use this as a variable but for this demo i

as a variable but for this demo i decided to just leave it under network i

decided to just leave it under network i have a reference to the bowtie network

have a reference to the bowtie network the value for private google access is

the value for private google access is false and the region variable is

false and the region variable is fulfilled through the configuration file

fulfilled through the configuration file moving right along i have two firewall

moving right along i have two firewall rules here one for ssh access and the

rules here one for ssh access and the other for web server access one opening

other for web server access one opening up port 22 to the world as well as port

up port 22 to the world as well as port 80. as well the web server access

80. as well the web server access firewall rule has a target tag of http

firewall rule has a target tag of http server referencing back to the network

server referencing back to the network tag of the bowtie web server instance

tag of the bowtie web server instance okay and so now we've finished creating

okay and so now we've finished creating the configuration file along with the

the configuration file along with the templates so i'm going to head back on

templates so i'm going to head back on up to the menu click on file and select

up to the menu click on file and select save all and since we've finished

save all and since we've finished creating all of our files the next thing

creating all of our files the next thing to do is to execute a mock deploy using

to do is to execute a mock deploy using the bowtie deploy configuration but

the bowtie deploy configuration but first i know that we haven't used

first i know that we haven't used deployment manager before and so i need

deployment manager before and so i need to go in and turn on the api and so i'm

to go in and turn on the api and so i'm just going to go up here to the top to

just going to go up here to the top to the search bar and i'm going to type in

the search bar and i'm going to type in deployment and you should see deployment

deployment and you should see deployment manager as the first result and bring

manager as the first result and bring this down a little bit and as expected

this down a little bit and as expected the deployment manager api has not been

the deployment manager api has not been enabled yet so i'm going to click on

enabled yet so i'm going to click on enable and after a few moments we should

enable and after a few moments we should be good to go

be good to go okay and as you can see here deployment

okay and as you can see here deployment manager is pretty empty

manager is pretty empty as most of it is done through the

as most of it is done through the command line but if you're looking to

command line but if you're looking to deploy a marketplace solution you can do

deploy a marketplace solution you can do that right here at the top and this will

that right here at the top and this will bring you right to the marketplace and

bring you right to the marketplace and will allow you to deploy from a large

will allow you to deploy from a large selection of pre-configured templates

selection of pre-configured templates but i don't want to do that and so i'm

but i don't want to do that and so i'm just going to bring this up a little bit

just going to bring this up a little bit and i'm going to head on over to the

and i'm going to head on over to the terminal i'm going to run an ls i'm

terminal i'm going to run an ls i'm going to run the command ls and you

going to run the command ls and you should be able to see the templates

should be able to see the templates folder i'm going to change my directory

folder i'm going to change my directory into the templates folder do another ls

into the templates folder do another ls and here are all my files and so before

and here are all my files and so before we do a mock deploy of this

we do a mock deploy of this configuration we want to make sure that

configuration we want to make sure that we're deploying to the correct project i

we're deploying to the correct project i can see here that i am currently in bow

can see here that i am currently in bow tie inc but if you are ever unsure about

tie inc but if you are ever unsure about the project that you're in you can

the project that you're in you can always run the gcloud config list

always run the gcloud config list command in order to confirm so i'm going

command in order to confirm so i'm going to quickly clear my screen and i'm going

to quickly clear my screen and i'm going to run the command gcloud config list

to run the command gcloud config list it's going to prompt me to authorize

it's going to prompt me to authorize this api call and i'm going to authorize

this api call and i'm going to authorize and as expected my project is set to

and as expected my project is set to deploy in project bowtie inc and so now

deploy in project bowtie inc and so now that i've verified it i'm going to

that i've verified it i'm going to quickly clear my screen again and so i'm

quickly clear my screen again and so i'm going to paste in my command gcloud

going to paste in my command gcloud deployment dash manager deployments

deployment dash manager deployments create bowtie deploy which is the name

create bowtie deploy which is the name of the deployment along with the

of the deployment along with the configuration file flag dash dash config

configuration file flag dash dash config and then the name of the configuration

and then the name of the configuration file which is bowtie

file which is bowtie deploy.yaml and the preview flag as

deploy.yaml and the preview flag as we're only doing a mock deploy and so if

we're only doing a mock deploy and so if there are any errors i'll be able to see

there are any errors i'll be able to see this before i actually deploy all the

this before i actually deploy all the resources so i'm going to go ahead and

resources so i'm going to go ahead and hit enter and in just a minute we'll

hit enter and in just a minute we'll find out exactly what happens

find out exactly what happens and as you can see here the mock

and as you can see here the mock deployment was a success and there are

deployment was a success and there are no errors and if i do a quick refresh up

no errors and if i do a quick refresh up here in the console i'll be able to see

here in the console i'll be able to see my deployment which i can drill down

my deployment which i can drill down into and here i will see my manifest

into and here i will see my manifest file with my manifest name and i can

file with my manifest name and i can view the config as well as my templates

view the config as well as my templates that it imported the layout as well as

that it imported the layout as well as the expanded config so if i click on

the expanded config so if i click on view of the config it'll show me here in

view of the config it'll show me here in the right hand panel exactly what this

the right hand panel exactly what this deployment has used for the config and i

deployment has used for the config and i can do the same thing with my template

can do the same thing with my template files so i'm going to open up my network

files so i'm going to open up my network template and i can quickly go through

template and i can quickly go through that if i'd like as well i also have the

that if i'd like as well i also have the option to download it and if i really

option to download it and if i really want to get granular i can go over here

want to get granular i can go over here to the left hand pane i can select on vm

to the left hand pane i can select on vm instance and it'll show me all the

instance and it'll show me all the resource properties everything from the

resource properties everything from the disks to the machine type to the

disks to the machine type to the metadata the network interfaces the zone

metadata the network interfaces the zone that it's in and the network tag same

that it's in and the network tag same thing if i go over here to the network

thing if i go over here to the network and again because this is a custom

and again because this is a custom network the value for the autocreate

network the value for the autocreate subnetworks is false i can check on the

subnetworks is false i can check on the public sub network as well as the

public sub network as well as the firewall rules and so because this is a

firewall rules and so because this is a preview it has not actually deployed

preview it has not actually deployed anything now taking a look at compute

anything now taking a look at compute engine instances in a new tab you can

engine instances in a new tab you can see here that i have no instances

see here that i have no instances deployed and so the same goes for any of

deployed and so the same goes for any of the other resources and so what we want

the other resources and so what we want to do now is we want to deploy this

to do now is we want to deploy this deployment and we can do that one of two

deployment and we can do that one of two ways we can simply click on the button

ways we can simply click on the button here that says deploy or we can run the

here that says deploy or we can run the command in the command line and so i'm

command in the command line and so i'm looking to show you how to do it in the

looking to show you how to do it in the command line so i'm going to move down

command line so i'm going to move down to the command line i'm going to quickly

to the command line i'm going to quickly clear my screen

clear my screen i'm going to paste in the code which is

i'm going to paste in the code which is gcloud deployment dash manager

gcloud deployment dash manager deployments update bowtie deploy now

deployments update bowtie deploy now you're probably wondering why update and

you're probably wondering why update and this is because the configuration has

this is because the configuration has been deployed even though it's a preview

been deployed even though it's a preview deployment manager still sees it as a

deployment manager still sees it as a deployment and has created what google

deployment and has created what google cloud calls a shell and so by using

cloud calls a shell and so by using update you can fully deploy the

update you can fully deploy the configuration using your last preview to

configuration using your last preview to perform that update and this will deploy

perform that update and this will deploy your resources exactly how you see it in

your resources exactly how you see it in the manifest and so anytime i make an

the manifest and so anytime i make an adjustment to either the configuration

adjustment to either the configuration or the templates i can simply run the

or the templates i can simply run the update command instead of doing the

update command instead of doing the whole deployment again so i want to get

whole deployment again so i want to get this deployed now and so i'm going to

this deployed now and so i'm going to hit enter

hit enter and i'll be back in a minute once it's

and i'll be back in a minute once it's deployed all the resources and success

deployed all the resources and success my deployment is successful and as you

my deployment is successful and as you can see here there are no errors and all

can see here there are no errors and all the resources are in a completed state

the resources are in a completed state so i'm going to select my bow tie

so i'm going to select my bow tie website in my manifest and i'll have

website in my manifest and i'll have access to the resource with a link up

access to the resource with a link up here at the top that will bring me to

here at the top that will bring me to the instance as well i can ssh into the

the instance as well i can ssh into the instance and i have all the same options

instance and i have all the same options that i have in the compute engine

that i have in the compute engine console and so in order to verify that

console and so in order to verify that all my resources have been deployed i'm

all my resources have been deployed i'm going to go back over to the tab that i

going to go back over to the tab that i already have open and as you can see my

already have open and as you can see my instance has been deployed and i want to

instance has been deployed and i want to check to see if my network has been

check to see if my network has been deployed so i'm going to go up to the

deployed so i'm going to go up to the navigation menu and i'm going to head on

navigation menu and i'm going to head on down to vpc network and as you can see

down to vpc network and as you can see here bowtie network has been deployed

here bowtie network has been deployed with its two corresponding firewall

with its two corresponding firewall rules i'm going to drill down into

rules i'm going to drill down into bowtie network and check out the

bowtie network and check out the firewall rules and as you can see here

firewall rules and as you can see here ssh access and web server access have

ssh access and web server access have been created with its corresponding

been created with its corresponding protocols and ports and so now that i

protocols and ports and so now that i know that all my resources have been

know that all my resources have been deployed i want to head back on over to

deployed i want to head back on over to compute engine to see if my instance has

compute engine to see if my instance has been configured properly so i'm going to

been configured properly so i'm going to click on ssh to see if i can ssh into

click on ssh to see if i can ssh into the instance and success with ssh so i

the instance and success with ssh so i know that this is working properly and

know that this is working properly and so i'm going to close this tab down and

so i'm going to close this tab down and i also want to see whether or not my web

i also want to see whether or not my web server has been configured properly with

server has been configured properly with the metadata that i provided it and so i

the metadata that i provided it and so i can directly open up the webpage by

can directly open up the webpage by simply clicking on this link and success

simply clicking on this link and success my you look dapper today why thank you

my you look dapper today why thank you tony bowtie and so as you can see the

tony bowtie and so as you can see the web server has been configured properly

web server has been configured properly using the metadata that i provided so i

using the metadata that i provided so i wanted to congratulate you on making it

wanted to congratulate you on making it to the end of this demo and hope it has

to the end of this demo and hope it has been extremely useful and gave you an

been extremely useful and gave you an understanding of how infrastructure is

understanding of how infrastructure is code is used in google cloud using their

code is used in google cloud using their native tools i hope this also triggered

native tools i hope this also triggered some possible use cases for you that

some possible use cases for you that will allow you to automate more

will allow you to automate more resources and configurations in your

resources and configurations in your environment and allow you to start

environment and allow you to start innovating on fantastic new ways for

innovating on fantastic new ways for cicd for those of you who are familiar

cicd for those of you who are familiar with infrastructure as code this may

with infrastructure as code this may have been a refresher but will give you

have been a refresher but will give you some insight for questions on the exam

some insight for questions on the exam that cover deployment manager and just

that cover deployment manager and just as a quick note for those of you who are

as a quick note for those of you who are looking to learn more about

looking to learn more about infrastructure as code i have put a few

infrastructure as code i have put a few links in the lesson text going into

links in the lesson text going into depth on deployment manager and another

depth on deployment manager and another tool that google recommends called

tool that google recommends called terraform and so now before you go we

terraform and so now before you go we want to clean up all the resources that

want to clean up all the resources that we've deployed to reduce any incurred

we've deployed to reduce any incurred costs and because deployment manager

costs and because deployment manager makes it easy we can do it in one simple

makes it easy we can do it in one simple step so i'm going to head back on over

step so i'm going to head back on over to my open tab where i have my console

to my open tab where i have my console open to deployment manager and i'm going

open to deployment manager and i'm going to head on over to the delete button and

to head on over to the delete button and simply click on delete now deployment

simply click on delete now deployment manager gives me the option of deleting

manager gives me the option of deleting all the resources it created or simply

all the resources it created or simply deleting the manifest but keeping the

deleting the manifest but keeping the resources untouched and so you want to

resources untouched and so you want to select delete bowtie deploy with all of

select delete bowtie deploy with all of its resources and simply click on delete

its resources and simply click on delete all and this will initiate the teardown

all and this will initiate the teardown of all the resources that have been

of all the resources that have been deployed from the bowtie deploy

deployed from the bowtie deploy configuration and this will take a few

configuration and this will take a few minutes to tear down but if you ever

minutes to tear down but if you ever have a larger configuration to deploy

have a larger configuration to deploy just as a note it may take a little bit

just as a note it may take a little bit longer to both deploy and to tear down

longer to both deploy and to tear down and so just as a recap you've created a

and so just as a recap you've created a configuration file and two templates in

configuration file and two templates in the cloud shell editor you then deployed

the cloud shell editor you then deployed your configuration using deployment

your configuration using deployment manager through the command line in

manager through the command line in cloud shell you then verified each

cloud shell you then verified each individual resource that was deployed

individual resource that was deployed and verified the configuration of each

and verified the configuration of each resource congratulations again on a job

resource congratulations again on a job well done and so that's pretty much all

well done and so that's pretty much all i wanted to cover in this demo when it

i wanted to cover in this demo when it comes to deploying resources using

comes to deploying resources using deployment manager so you can now mark

deployment manager so you can now mark this as complete and let's move on to

this as complete and let's move on to the next one

the next one [Music]

[Music] welcome back and in this lesson we're

welcome back and in this lesson we're going to learn about google cloud load

going to learn about google cloud load balancing and how it's used to

balancing and how it's used to distribute traffic within the google

distribute traffic within the google cloud platform google cloud load

cloud platform google cloud load balancing is essential when using it

balancing is essential when using it with instance groups kubernetes clusters

with instance groups kubernetes clusters and is pretty much the defacto when it

and is pretty much the defacto when it comes to balancing traffic coming in as

comes to balancing traffic coming in as well as within your gcp environment

well as within your gcp environment knowing the differences between the

knowing the differences between the types of load balancers and which one to

types of load balancers and which one to use for specific scenarios is crucial

use for specific scenarios is crucial for the exam as you will be tested on it

for the exam as you will be tested on it and so there's a lot to cover here so

and so there's a lot to cover here so with that being said let's dive in now i

with that being said let's dive in now i wanted to start off with some basics

wanted to start off with some basics with regards to what is low balancing

with regards to what is low balancing and so when it comes to the low balancer

and so when it comes to the low balancer itself a low balancer distributes user

itself a low balancer distributes user traffic across multiple instances of

traffic across multiple instances of your application so by spreading the

your application so by spreading the load you reduce the risk of your

load you reduce the risk of your applications experiencing performance

applications experiencing performance issues a load balancer is a single point

issues a load balancer is a single point of entry with either one or multiple

of entry with either one or multiple back ends and within gcp these back ends

back ends and within gcp these back ends could consist of either instance groups

could consist of either instance groups or negs and i'll be getting into any g's

or negs and i'll be getting into any g's in just a little bit low balancers on

in just a little bit low balancers on gcp are fully distributed and software

gcp are fully distributed and software defined so there is no actual hardware

defined so there is no actual hardware load balancer involved in low balancing

load balancer involved in low balancing on gcp it is completely software defined

on gcp it is completely software defined and so there's no need to worry about

and so there's no need to worry about any hardware any pre-warming time as

any hardware any pre-warming time as this is all done through software now

this is all done through software now depending on which low balancer you

depending on which low balancer you choose google cloud gives you the option

choose google cloud gives you the option of having either a global load balancer

of having either a global load balancer or a regional load balancer the load

or a regional load balancer the load balancers are meant to serve content as

balancers are meant to serve content as close as possible to the users so that

close as possible to the users so that they don't experience increased latency

they don't experience increased latency and gives the users a better experience

and gives the users a better experience as well as reducing latency on your

as well as reducing latency on your applications when dealing with low

applications when dealing with low balancers in between services google

balancers in between services google cloud also offers auto scaling with

cloud also offers auto scaling with health checks in their load balancers to

health checks in their load balancers to make sure that your traffic is always

make sure that your traffic is always routed to healthy instances and by using

routed to healthy instances and by using auto scaling able to scale up the amount

auto scaling able to scale up the amount of instances you need in order to handle

of instances you need in order to handle the load automatically now as there are

the load automatically now as there are many different low balancers to choose

many different low balancers to choose from it helps to know what specific

from it helps to know what specific aspects you're looking for and how you

aspects you're looking for and how you want your traffic distributed and so

want your traffic distributed and so google has broken them down for us into

google has broken them down for us into these three categories the first

these three categories the first category is global versus regional

category is global versus regional global load balancing is great for when

global load balancing is great for when your back ends are distributed across

your back ends are distributed across multiple regions

multiple regions and your users need access to the same

and your users need access to the same applications and content

applications and content using a single anycast ip address

using a single anycast ip address as well when you're looking for ipv6

as well when you're looking for ipv6 termination global load balancing will

termination global load balancing will take care of that now when it comes to

take care of that now when it comes to regional load balancing this is if

regional load balancing this is if you're looking at serving your back ends

you're looking at serving your back ends in a single region and handling only

in a single region and handling only ipv4 traffic now once you've determined

ipv4 traffic now once you've determined whether or not you need global versus

whether or not you need global versus regional low balancing the second

regional low balancing the second category to dive into is external versus

category to dive into is external versus internal external load balancers are

internal external load balancers are designed to distribute traffic coming

designed to distribute traffic coming into your network from the internet

into your network from the internet and internal load balancers are designed

and internal load balancers are designed to distribute traffic within your

to distribute traffic within your network and finally the last category

network and finally the last category that will help you decide on what type

that will help you decide on what type of load balancer you need is the traffic

of load balancer you need is the traffic type and shown here are all the traffic

type and shown here are all the traffic types that cover http https tcp and udp

types that cover http https tcp and udp and so now that we've covered the

and so now that we've covered the different types of load balancing that's

different types of load balancing that's available on google cloud i wanted to

available on google cloud i wanted to dive into some more depth on the low

dive into some more depth on the low balancers themselves here you can see

balancers themselves here you can see that there are five load balancers

that there are five load balancers available and i will be going through

available and i will be going through each one of these in detail now before

each one of these in detail now before diving into the low balancers themselves

diving into the low balancers themselves i wanted to introduce you to a concept

i wanted to introduce you to a concept using gcp

using gcp for all load balancers called back end

for all load balancers called back end services how a low balancer knows

services how a low balancer knows exactly what to do is defined by a

exactly what to do is defined by a backend service and this is how cloud

backend service and this is how cloud load balancing knows how to distribute

load balancing knows how to distribute the traffic the backend service

the traffic the backend service configuration contains a set of values

configuration contains a set of values such as the protocol used to connect to

such as the protocol used to connect to back ends various distribution in

back ends various distribution in session settings health checks and

session settings health checks and timeouts these settings provide fine

timeouts these settings provide fine grain control over how your load

grain control over how your load balancer behaves an external http or

balancer behaves an external http or https load balancer must have at least

https load balancer must have at least one backend service and can have

one backend service and can have multiple backend services the back ends

multiple backend services the back ends of a backend service can be either

of a backend service can be either instance groups or network endpoint

instance groups or network endpoint groups also known as negs but not a

groups also known as negs but not a combination of both and so just as a

combination of both and so just as a note you'll hear me refer to negs over

note you'll hear me refer to negs over the course of this lesson and so a

the course of this lesson and so a network endpoint group also known as neg

network endpoint group also known as neg is a configuration object that specifies

is a configuration object that specifies a group of back-end endpoints or

a group of back-end endpoints or services and a common use case for this

services and a common use case for this configuration is deploying services into

configuration is deploying services into containers now moving on to the values

containers now moving on to the values themselves i wanted to first start with

themselves i wanted to first start with health checks and google cloud uses the

health checks and google cloud uses the overall health state of each back end to

overall health state of each back end to determine its eligibility for receiving

determine its eligibility for receiving new requests or connections back ends

new requests or connections back ends that respond successfully for the

that respond successfully for the configured number of times are

configured number of times are considered healthy back-ends that fail

considered healthy back-ends that fail to respond successfully for a separate

to respond successfully for a separate number of times are considered unhealthy

number of times are considered unhealthy and when a back-end is considered

and when a back-end is considered unhealthy traffic will not be routed to

unhealthy traffic will not be routed to it next up is session affinity and

it next up is session affinity and session affinity sends all requests from

session affinity sends all requests from the same client to the same back end if

the same client to the same back end if the back end is healthy and it has

the back end is healthy and it has capacity service timeout is the next

capacity service timeout is the next value and this is the amount of time

value and this is the amount of time that the load balancer waits for a

that the load balancer waits for a backend to return a full response to a

backend to return a full response to a request next up is traffic distribution

request next up is traffic distribution and this comprises of three different

and this comprises of three different values the first one is a balancing mode

values the first one is a balancing mode and this defines how the load balancer

and this defines how the load balancer measures back-end readiness for the new

measures back-end readiness for the new requests or connections the second one

requests or connections the second one is target capacity and this defines a

is target capacity and this defines a target maximum number of connections a

target maximum number of connections a target maximum rate or target maximum

target maximum rate or target maximum cpu utilization and the third value for

cpu utilization and the third value for traffic distribution is capacity scalar

traffic distribution is capacity scalar and this adjusts overall available

and this adjusts overall available capacity without modifying the target

capacity without modifying the target capacity and the last value for back-end

capacity and the last value for back-end services are back-ends and a back-end is

services are back-ends and a back-end is a group of endpoints that receive

a group of endpoints that receive traffic from a google cloud load

traffic from a google cloud load balancer and there are several types of

balancer and there are several types of back-ends but the one that we are

back-ends but the one that we are concentrating on for this section and

concentrating on for this section and for the exam is the instance group now

for the exam is the instance group now backend services are not critical to

backend services are not critical to know for the exam but i wanted to

know for the exam but i wanted to introduce you to this concept to add a

introduce you to this concept to add a bit more context for when you are

bit more context for when you are creating low balancers in any

creating low balancers in any environment

environment and will help you understand other

and will help you understand other concepts in this lesson and so this is

concepts in this lesson and so this is the end of part one of this lesson it

the end of part one of this lesson it was getting a bit long so i decided to

was getting a bit long so i decided to break it up this would be a great

break it up this would be a great opportunity for you to get up and have a

opportunity for you to get up and have a stretch get yourself a coffee or tea and

stretch get yourself a coffee or tea and whenever you're ready join me in part

whenever you're ready join me in part two where we will be starting

two where we will be starting immediately from the end of part one so

immediately from the end of part one so you can now complete this video and i

you can now complete this video and i will see you in part two

this is part two of the cloud load balancers lesson and we'll be starting

balancers lesson and we'll be starting exactly where we left off in part one so

exactly where we left off in part one so with that being said let's dive in now

with that being said let's dive in now before jumping right into the first load

before jumping right into the first load balancer that i wanted to introduce

balancer that i wanted to introduce which is http and https low balancer

which is http and https low balancer there's a couple of different concepts

there's a couple of different concepts that i wanted to introduce and these are

that i wanted to introduce and these are the methods of how an http and https

the methods of how an http and https load balancer distributes traffic using

load balancer distributes traffic using forwarding rules and these are cross

forwarding rules and these are cross region low balancing and content based

region low balancing and content based load balancing now touching on cross

load balancing now touching on cross region load balancing when you configure

region load balancing when you configure an external http or https load balancer

an external http or https load balancer in premium tier it uses a global

in premium tier it uses a global external ip address and can

external ip address and can intelligently route requests from users

intelligently route requests from users to the closest backend instance group or

to the closest backend instance group or neg based on proximity for example if

neg based on proximity for example if you set up instance groups in north

you set up instance groups in north america and europe and attach them to a

america and europe and attach them to a low balancers back-end service user

low balancers back-end service user requests around the world are

requests around the world are automatically sent to the vms closest to

automatically sent to the vms closest to the users assuming that the vms pass

the users assuming that the vms pass health checks and have enough capacity

health checks and have enough capacity if the closest vms are all unhealthy or

if the closest vms are all unhealthy or if the closest instance group is at

if the closest instance group is at capacity and another instance group is

capacity and another instance group is not at capacity the load balancer

not at capacity the load balancer automatically sends requests to the next

automatically sends requests to the next closest region that has available

closest region that has available capacity and so here in this diagram a

capacity and so here in this diagram a user in switzerland hits the low

user in switzerland hits the low balancer by going to bowtieinc.co and

balancer by going to bowtieinc.co and because there are vms that are able to

because there are vms that are able to serve that traffic in europe west 6

serve that traffic in europe west 6 traffic is routed to that region and so

traffic is routed to that region and so now getting into content based load

now getting into content based load balancing http and https low balancing

balancing http and https low balancing supports content based load balancing

supports content based load balancing using url maps to select a backend

using url maps to select a backend service based on the requested host name

service based on the requested host name request path or both for example you can

request path or both for example you can use a set of instance groups or negs to

use a set of instance groups or negs to handle your video content and another

handle your video content and another set to handle static as well as another

set to handle static as well as another set to handle any images you can also

set to handle any images you can also use http or https low balancing with

use http or https low balancing with cloud storage buckets and then after you

cloud storage buckets and then after you have your load balancer set up you can

have your load balancer set up you can add cloud storage buckets to it now

add cloud storage buckets to it now moving right along when it comes to http

moving right along when it comes to http and https load balancer this is a global

and https load balancer this is a global proxy based layer 7 low balancer which

proxy based layer 7 low balancer which is at the application layer and so just

is at the application layer and so just as a note here with all the other low

as a note here with all the other low balancers that are available in gcp the

balancers that are available in gcp the http and https low balancer is the only

http and https low balancer is the only layer 7 load balancer all the other low

layer 7 load balancer all the other low balancers in gcp are layer 4 and will

balancers in gcp are layer 4 and will work at the network layer and so this

work at the network layer and so this low balancer enables you to serve your

low balancer enables you to serve your applications worldwide behind a single

applications worldwide behind a single external unicast ip address external

external unicast ip address external http and https load balancing

http and https load balancing distributes http and https traffic to

distributes http and https traffic to back ends hosted on compute engine and

back ends hosted on compute engine and gke external http and https load

gke external http and https load balancing is implemented on google front

balancing is implemented on google front ends or gfes as shown here in the

ends or gfes as shown here in the diagram gfes are distributed globally

diagram gfes are distributed globally and operate together using google's

and operate together using google's global network and control plane in the

global network and control plane in the premium tier gfes offer cross-regional

premium tier gfes offer cross-regional low balancing directing traffic to the

low balancing directing traffic to the closest healthy backend that has

closest healthy backend that has capacity and terminating http and https

capacity and terminating http and https traffic as close as possible to your

traffic as close as possible to your users with the standard tier the load

users with the standard tier the load balancing is handled regionally and this

balancing is handled regionally and this load balancer is available to be used

load balancer is available to be used both externally and internally that

both externally and internally that makes this load balancer global external

makes this load balancer global external and internal this load balancer also

and internal this load balancer also gives support for https and ssl which

gives support for https and ssl which covers tls for encryption in transit as

covers tls for encryption in transit as well this load balancer accepts all

well this load balancer accepts all traffic whether it is ipv4 or ipv6

traffic whether it is ipv4 or ipv6 traffic and just know that ipv6 traffic

traffic and just know that ipv6 traffic will terminate at the low balancer and

will terminate at the low balancer and then it will forward traffic as ipv4 so

then it will forward traffic as ipv4 so it doesn't really matter which type of

it doesn't really matter which type of traffic you're sending the load balancer

traffic you're sending the load balancer will still send the traffic to the back

will still send the traffic to the back end using ipv4 this traffic is

end using ipv4 this traffic is distributed by location or by content as

distributed by location or by content as shown in the previous diagram forwarding

shown in the previous diagram forwarding rules are in place to distribute defined

rules are in place to distribute defined targets to each target pool for the

targets to each target pool for the instance groups again defined targets

instance groups again defined targets could be content based and therefore as

could be content based and therefore as shown in the previous diagram video

shown in the previous diagram video content could go to one target whereas

content could go to one target whereas static content could go to another

static content could go to another target url maps direct your requests

target url maps direct your requests based on rules so you can create a bunch

based on rules so you can create a bunch of rules depending on what type of

of rules depending on what type of traffic you want to direct and put them

traffic you want to direct and put them in maps for requests ssl certificates

in maps for requests ssl certificates are needed for https and these can be

are needed for https and these can be either google managed or self-managed

either google managed or self-managed and so just as a quick note here the

and so just as a quick note here the ports used for http are on 80 and 8080

ports used for http are on 80 and 8080 as well on https the port that is used

as well on https the port that is used is port 443 now moving into the next low

is port 443 now moving into the next low balancer is ssl proxy an ssl proxy low

balancer is ssl proxy an ssl proxy low balancing is a reverse proxy load

balancing is a reverse proxy load balancer that distributes ssl traffic

balancer that distributes ssl traffic coming from the internet to your vm

coming from the internet to your vm instances when using ssl proxy load

instances when using ssl proxy load balancing for your ssl traffic user ssl

balancing for your ssl traffic user ssl connections are terminated at the low

connections are terminated at the low balancing layer and then proxied to the

balancing layer and then proxied to the closest available backend instances by

closest available backend instances by either using ssl or tcp with the premium

either using ssl or tcp with the premium tier ssl proxy low balancing can be

tier ssl proxy low balancing can be configured as a global load balancing

configured as a global load balancing service with the standard tier the ssl

service with the standard tier the ssl proxy load balancer handles low

proxy load balancer handles low balancing regionally this load balancer

balancing regionally this load balancer also distributes traffic by location

also distributes traffic by location only ssl proxy low balancing lets you

only ssl proxy low balancing lets you use a single ip address for all users

use a single ip address for all users worldwide and is a layer 4 load balancer

worldwide and is a layer 4 load balancer which works on the network layer this

which works on the network layer this load balancer shows support for tcp with

load balancer shows support for tcp with ssl offload and this is something

ssl offload and this is something specific to remember for the exam this

specific to remember for the exam this is not like the http or https load

is not like the http or https load balancer where we can use specific rules

balancer where we can use specific rules or specific configurations in order to

or specific configurations in order to direct traffic ssl proxy low balancer

direct traffic ssl proxy low balancer supports both ipv4 and ipv6 but again it

supports both ipv4 and ipv6 but again it does terminate at the load balancer and

does terminate at the load balancer and forwards the traffic to the back end as

forwards the traffic to the back end as ipv4 traffic and forwarding rules are in

ipv4 traffic and forwarding rules are in place to distribute each defined target

place to distribute each defined target to its proper target pool and encryption

to its proper target pool and encryption is supported by configuring back-end

is supported by configuring back-end services to accept all the traffic over

services to accept all the traffic over ssl now just as a note it can also be

ssl now just as a note it can also be used for other protocols that use ssl

used for other protocols that use ssl such as web sockets and imap over ssl

such as web sockets and imap over ssl and carry a number of open ports to

and carry a number of open ports to support them moving on to the next load

support them moving on to the next load balancer is tcp proxy now the tcp proxy

balancer is tcp proxy now the tcp proxy load balancer is a reverse proxy load

load balancer is a reverse proxy load balancer that distributes tcp traffic

balancer that distributes tcp traffic coming from the internet to your vm

coming from the internet to your vm instances when using tcp proxy load

instances when using tcp proxy load balancing traffic coming over a tcp

balancing traffic coming over a tcp connection is terminated at the load

connection is terminated at the load balancing layer and then forwarded to

balancing layer and then forwarded to the closest available backend using tcp

the closest available backend using tcp or ssl so this is where the low balancer

or ssl so this is where the low balancer will determine which instances are at

will determine which instances are at capacity and send them to those

capacity and send them to those instances that are not like ssl proxy

instances that are not like ssl proxy load balancing tcp proxy load balancing

load balancing tcp proxy load balancing lets you use a single ip address for all

lets you use a single ip address for all users worldwide the tcp proxy load

users worldwide the tcp proxy load balancer automatically routes traffic to

balancer automatically routes traffic to the back ends that are closest to the

the back ends that are closest to the user this is a layer 4 load balancer and

user this is a layer 4 load balancer and again can serve traffic both globally

again can serve traffic both globally and externally tcp proxy distributes

and externally tcp proxy distributes traffic by location only and is intended

traffic by location only and is intended for specifically non-http traffic

for specifically non-http traffic although you can decide if you want to

although you can decide if you want to use ssl between the proxy and your back

use ssl between the proxy and your back end and you can do this by selecting a

end and you can do this by selecting a certificate on the back end again this

certificate on the back end again this type of load balancer supports ipv4 and

type of load balancer supports ipv4 and ipv6 traffic and ipv6 traffic will

ipv6 traffic and ipv6 traffic will terminate at the low balancer and

terminate at the low balancer and forwards that traffic to the back end as

forwards that traffic to the back end as ipv4 traffic now tcp proxy low balancing

ipv4 traffic now tcp proxy low balancing is intended for tcp traffic and supports

is intended for tcp traffic and supports many well-known ports such as port 25

many well-known ports such as port 25 for simple mail transfer protocol or

for simple mail transfer protocol or smtp next up we have the network load

smtp next up we have the network load balancer now the tcp udp network load

balancer now the tcp udp network load balancer is a regional pass-through load

balancer is a regional pass-through load balancer a network load balancer

balancer a network load balancer distributes tcp or udp traffic among

distributes tcp or udp traffic among instances in the same region network

instances in the same region network load balancers are not proxies and

load balancers are not proxies and therefore responses from the back end

therefore responses from the back end vms go directly to the clients

vms go directly to the clients not back through the load balancer the

not back through the load balancer the term known for this is direct server

term known for this is direct server return as shown here in the diagram this

return as shown here in the diagram this is a layer 4 regional load balancer and

is a layer 4 regional load balancer and an external load balancer as well that

an external load balancer as well that can serve to regional locations it

can serve to regional locations it supports either tcp or udp but not both

supports either tcp or udp but not both although it can low balance udp tcp and

although it can low balance udp tcp and ssl traffic on the ports that are not

ssl traffic on the ports that are not supported by the tcp proxy and ssl proxy

supported by the tcp proxy and ssl proxy ssl traffic can still be decrypted by

ssl traffic can still be decrypted by your back end instead of the load

your back end instead of the load balancer itself traffic is also

balancer itself traffic is also distributed by incoming protocol data

distributed by incoming protocol data this being protocols scheme and scope

this being protocols scheme and scope there is no tls offloading or proxying

there is no tls offloading or proxying and forwarding rules are in place to

and forwarding rules are in place to distribute and define targets to their

distribute and define targets to their target pools and this is for tcp and udp

target pools and this is for tcp and udp only now with other protocols they use

only now with other protocols they use target instances as opposed to instance

target instances as opposed to instance groups lastly a network load balancer

groups lastly a network load balancer can also only support

can also only support self-managed ssl certificates as opposed

self-managed ssl certificates as opposed to the google managed certificates as

to the google managed certificates as well and so the last low balancer to

well and so the last low balancer to introduce is the internal load balancer

introduce is the internal load balancer now an internal tcp or udp load balancer

now an internal tcp or udp load balancer is a layer 4 regional load balancer that

is a layer 4 regional load balancer that enables you to distribute traffic behind

enables you to distribute traffic behind an internal load balancing ip address

an internal load balancing ip address that is accessible only to your internal

that is accessible only to your internal vm instances internal tcp and udp load

vm instances internal tcp and udp load balancing distributes traffic among vm

balancing distributes traffic among vm instances in the same region this load

instances in the same region this load balancer supports tcp or udp traffic but

balancer supports tcp or udp traffic but not both and as i said before this type

not both and as i said before this type of load balancer is used to balance

of load balancer is used to balance traffic within gcp across instances this

traffic within gcp across instances this low balancer cannot be used for

low balancer cannot be used for balancing internet traffic as it is

balancing internet traffic as it is internal only traffic is automatically

internal only traffic is automatically sent to the back end as it does not

sent to the back end as it does not terminate client connections and for

terminate client connections and for forwarding rules this load balancer

forwarding rules this load balancer follows specific specifications where

follows specific specifications where you need to specify at least one and up

you need to specify at least one and up to five ports by number as well you must

to five ports by number as well you must specify all to forward traffic to all

specify all to forward traffic to all ports now again like the network load

ports now again like the network load balancer you can use either tcp or udp

balancer you can use either tcp or udp and so that's pretty much all i had to

and so that's pretty much all i had to cover with this lesson on low balancing

cover with this lesson on low balancing please remember that for the exam you

please remember that for the exam you will need to know the differences

will need to know the differences between them all

between them all in my experience there are a few

in my experience there are a few questions that come up on the exam where

questions that come up on the exam where you will need to know what low balancer

you will need to know what low balancer to use and so a good idea might be to

to use and so a good idea might be to dive into the console and have a look at

dive into the console and have a look at the options as well as going back

the options as well as going back through this lesson as a refresher to

through this lesson as a refresher to understand each use case this is also a

understand each use case this is also a crucial component in any environment

crucial component in any environment that is used especially when serving

that is used especially when serving applications to the internet for any

applications to the internet for any three-tier web application or kubernetes

three-tier web application or kubernetes cluster and so that pretty much sums up

cluster and so that pretty much sums up this lesson on low balancing so you can

this lesson on low balancing so you can now mark this lesson as complete and

now mark this lesson as complete and let's move on to the next one

welcome back in this lesson i will be going into depth on instance groups

going into depth on instance groups along with instance templates instance

along with instance templates instance groups are a great way to set up a group

groups are a great way to set up a group of identical servers used in conjunction

of identical servers used in conjunction with instance groups instance templates

with instance groups instance templates handles the instance properties to

handles the instance properties to deploy the instance groups into your

deploy the instance groups into your environment this lesson will dive into

environment this lesson will dive into the details of the features use cases

the details of the features use cases and how instance groups and instance

and how instance groups and instance templates work together to create a

templates work together to create a highly scalable and performing

highly scalable and performing environment now there's a lot to cover

environment now there's a lot to cover here so with that being said let's dive

here so with that being said let's dive in now an instance group is a collection

in now an instance group is a collection of vm instances that you can manage as a

of vm instances that you can manage as a single entity compute engine offers two

single entity compute engine offers two kinds of vm instance groups managed and

kinds of vm instance groups managed and unmanaged manage instance groups or migs

unmanaged manage instance groups or migs let you operate applications on multiple

let you operate applications on multiple identical vms you can make your workload

identical vms you can make your workload scalable and highly available by taking

scalable and highly available by taking advantage of automated mig services like

advantage of automated mig services like auto scaling auto healing regional and

auto scaling auto healing regional and zonal deployments and automatic updating

zonal deployments and automatic updating and i'll be getting into these services

and i'll be getting into these services in just a sec now when it comes to

in just a sec now when it comes to unmanaged instance groups they also let

unmanaged instance groups they also let you low balance across a fleet of vms

you low balance across a fleet of vms but this is something that you need to

but this is something that you need to manage and i'll be going deeper into

manage and i'll be going deeper into unmanaged instance groups a bit later

unmanaged instance groups a bit later right now i wanted to take some time to

right now i wanted to take some time to go through the features and use cases of

go through the features and use cases of migs in a bit more detail for some more

migs in a bit more detail for some more context starting off with its use cases

context starting off with its use cases now migs are great for stateless serving

now migs are great for stateless serving workloads such as website front ends web

workloads such as website front ends web servers and website applications as the

servers and website applications as the application does not preserve its state

application does not preserve its state and saves no data to persistent storage

and saves no data to persistent storage all user and session data stays with the

all user and session data stays with the client and makes scaling up and down

client and makes scaling up and down quick and easy migs are also great for

quick and easy migs are also great for stateless batch workloads and these are

stateless batch workloads and these are high performance or high throughput

high performance or high throughput compute workloads such as image

compute workloads such as image processing from a queue and lastly you

processing from a queue and lastly you can build highly available stateful

can build highly available stateful workloads using stateful managed

workloads using stateful managed instance groups or stateful migs

instance groups or stateful migs stateful workloads include applications

stateful workloads include applications with stateful data or configuration such

with stateful data or configuration such as databases

as databases legacy monolith type applications and

legacy monolith type applications and long running batch computations with

long running batch computations with checkpointing you can improve uptime and

checkpointing you can improve uptime and resiliency of these types of

resiliency of these types of applications with auto healing

applications with auto healing controlled updates and multi-zone

controlled updates and multi-zone deployments while preserving each

deployments while preserving each instance's unique state including

instance's unique state including instance names persistent disks and

instance names persistent disks and metadata now that i've covered the type

metadata now that i've covered the type of workloads that are used with migs i

of workloads that are used with migs i wanted to dive into the features

wanted to dive into the features starting with auto healing

starting with auto healing now when it comes to auto healing

now when it comes to auto healing managed instance groups maintain high

managed instance groups maintain high availability of your applications by

availability of your applications by proactively keeping your instances in a

proactively keeping your instances in a running state a mig automatically

running state a mig automatically recreates an instance that is not

recreates an instance that is not running and managed instance groups also

running and managed instance groups also take care of application-based auto

take care of application-based auto healing and this improves application

healing and this improves application availability by relying on a health

availability by relying on a health check that detects things like freezing

check that detects things like freezing crashing or overloading if a health

crashing or overloading if a health check determines that an application has

check determines that an application has failed on a vm the mig auto healer

failed on a vm the mig auto healer automatically recreates that vm instance

automatically recreates that vm instance the health check used to monitor the

the health check used to monitor the migs are similar to the health checks

migs are similar to the health checks used for low balancing with a few little

used for low balancing with a few little differences low balancing health checks

differences low balancing health checks help direct traffic away from

help direct traffic away from unresponsive instances and towards

unresponsive instances and towards healthy ones these health checks cannot

healthy ones these health checks cannot recreate instances whereas mig health

recreate instances whereas mig health checks proactively signal to delete and

checks proactively signal to delete and recreate instances that become unhealthy

recreate instances that become unhealthy moving on to managed instance groups

moving on to managed instance groups regional or multi-zone feature now you

regional or multi-zone feature now you have the option of creating regional

have the option of creating regional migs or zonal migs

migs or zonal migs regional migs provide higher

regional migs provide higher availability compared to zonal migs

availability compared to zonal migs because the instances in a regional mig

because the instances in a regional mig are spread across multiple zones in a

are spread across multiple zones in a single region google recommends regional

single region google recommends regional migs over zonal migs as you can manage

migs over zonal migs as you can manage twice as many migs as zonal migs so you

twice as many migs as zonal migs so you can manage 2 000 migs instead of 1000

can manage 2 000 migs instead of 1000 you can also spread your application

you can also spread your application load across multiple zones instead of a

load across multiple zones instead of a single zone or managing multiple zonal

single zone or managing multiple zonal migs across different zones and this

migs across different zones and this protects against zonal failures and

protects against zonal failures and unforeseen scenarios where an entire

unforeseen scenarios where an entire group of instances in a single zone

group of instances in a single zone malfunctions in the case of a zonal

malfunctions in the case of a zonal failure or if a group of instances in a

failure or if a group of instances in a zone stops responding a regional mig

zone stops responding a regional mig continues supporting your instances by

continues supporting your instances by continuing to serve traffic to the

continuing to serve traffic to the instances in the remaining zones now

instances in the remaining zones now cloud low balancing can use instance

cloud low balancing can use instance groups to serve traffic so you can add

groups to serve traffic so you can add instance groups to a target pool or to a

instance groups to a target pool or to a back end an instance group is a type of

back end an instance group is a type of back end and the instances in the

back end and the instances in the instance group respond to traffic from

instance group respond to traffic from the load balancer the back end service

the load balancer the back end service in turn knows which instances it can use

in turn knows which instances it can use and how much traffic they can handle and

and how much traffic they can handle and how much traffic they are currently

how much traffic they are currently handling in addition the back-end

handling in addition the back-end service monitors health checking and

service monitors health checking and does not send new connections to

does not send new connections to unhealthy instances now when your

unhealthy instances now when your applications require additional compute

applications require additional compute resources migs support auto scaling that

resources migs support auto scaling that dynamically add or remove instances from

dynamically add or remove instances from the mig in response to an increase or

the mig in response to an increase or decrease in load you can turn on auto

decrease in load you can turn on auto scaling and configure an auto scaling

scaling and configure an auto scaling policy to specify how you want the group

policy to specify how you want the group to scale not only will auto scaling

to scale not only will auto scaling scale up to meet the load demands but

scale up to meet the load demands but will also shrink and remove instances as

will also shrink and remove instances as the load decreases to reduce your costs

the load decreases to reduce your costs auto scaling policies include scaling

auto scaling policies include scaling based on cpu utilization load balancing

based on cpu utilization load balancing capacity and cloud monitoring metrics

capacity and cloud monitoring metrics and so when it comes to auto updating

and so when it comes to auto updating you can easily and safely deploy new

you can easily and safely deploy new versions of software to instances in a

versions of software to instances in a mig the rollout of an update happens

mig the rollout of an update happens automatically based on your

automatically based on your specifications you can also control the

specifications you can also control the speed and scope of the deployments in

speed and scope of the deployments in order to minimize disruptions to your

order to minimize disruptions to your application you can optionally perform

application you can optionally perform rolling updates as well as partial

rolling updates as well as partial rollouts for canary testing and for

rollouts for canary testing and for those who don't know rolling updates

those who don't know rolling updates allow updates to take place with zero

allow updates to take place with zero downtime by incrementally updating

downtime by incrementally updating instances with new ones as well canary

instances with new ones as well canary testing is a way to reduce risk and

testing is a way to reduce risk and validate new software by releasing

validate new software by releasing software to a small percentage of users

software to a small percentage of users with canary testing you can deliver to

with canary testing you can deliver to certain groups of users at a time and

certain groups of users at a time and this is also referred to as stage

this is also referred to as stage rollouts and this is a best practice in

rollouts and this is a best practice in devops and software development now

devops and software development now there are a few more things that i

there are a few more things that i wanted to point out that relate to migs

wanted to point out that relate to migs you can reduce the cost of your workload

you can reduce the cost of your workload by using preemptable vm instances in

by using preemptable vm instances in your instance group and when they are

your instance group and when they are deleted auto healing will bring the

deleted auto healing will bring the instances back when preemptable capacity

instances back when preemptable capacity becomes available again you can also

becomes available again you can also deploy containers to instances in

deploy containers to instances in managed instance groups when you specify

managed instance groups when you specify a container image in an instance

a container image in an instance template and is used to create a mig

template and is used to create a mig each vm is created with the container

each vm is created with the container optimized os that includes docker and

optimized os that includes docker and your container starts automatically on

your container starts automatically on each vm in the group and finally when

each vm in the group and finally when creating migs you must define the vpc

creating migs you must define the vpc network that it will reside in although

network that it will reside in although when you don't define the network google

when you don't define the network google cloud will attempt to use the default

cloud will attempt to use the default network now moving on into unmanaged

network now moving on into unmanaged instance groups for just a minute

instance groups for just a minute unmanaged instance groups can contain

unmanaged instance groups can contain heterogeneous instances and these are

heterogeneous instances and these are instances that are of mixed sizes of cpu

instances that are of mixed sizes of cpu ram as well as instance types and you

ram as well as instance types and you can add and remove these instances from

can add and remove these instances from the group whenever you choose there's a

the group whenever you choose there's a major downside to this though unmanaged

major downside to this though unmanaged instance groups do not offer auto

instance groups do not offer auto scaling auto healing rolling update

scaling auto healing rolling update support multi-zone support or the use of

support multi-zone support or the use of instance templates and are not a good

instance templates and are not a good fit for deploying highly available and

fit for deploying highly available and scalable workloads you should only use

scalable workloads you should only use unmanaged instance groups if you need to

unmanaged instance groups if you need to apply load balancing to groups of these

apply load balancing to groups of these mixed types of instances or if you need

mixed types of instances or if you need to manage the instances yourself so

to manage the instances yourself so unmanaged instance groups are designed

unmanaged instance groups are designed for very special use cases where you

for very special use cases where you will need to mix instance types in

will need to mix instance types in almost all cases you will be using

almost all cases you will be using managed instance groups as they were

managed instance groups as they were intended to capture the benefits of all

intended to capture the benefits of all the features they have to offer

the features they have to offer now in order to launch an instance group

now in order to launch an instance group into any environment you will need

into any environment you will need another resource to do this and this is

another resource to do this and this is where instance templates come into play

where instance templates come into play an instance template is a resource that

an instance template is a resource that you can use to create vm instances and

you can use to create vm instances and managed instance groups instance

managed instance groups instance templates define the machine type boot

templates define the machine type boot disk image or container image as well as

disk image or container image as well as labels and other instance properties you

labels and other instance properties you can then use an instance template to

can then use an instance template to create a mig or vm instance instance

create a mig or vm instance instance templates are an easy way to save a vm

templates are an easy way to save a vm instances configuration so you can use

instances configuration so you can use it later to recreate vms or groups of

it later to recreate vms or groups of vms an instance template

vms an instance template is a global resource that is not bound

is a global resource that is not bound to a zone or region although you can

to a zone or region although you can restrict a template to a zone by calling

restrict a template to a zone by calling out specific zonal resources now there

out specific zonal resources now there is something to note for when you are

is something to note for when you are ever using migs if you want to create a

ever using migs if you want to create a group of identical instances you must

group of identical instances you must use an instance template to create a mig

use an instance template to create a mig and is something you should always keep

and is something you should always keep in the front of mind when using migs

in the front of mind when using migs these two resources both instance

these two resources both instance templates and managed instance groups go

templates and managed instance groups go hand in hand now some other things to

hand in hand now some other things to note is that instance templates are

note is that instance templates are designed to create instances with

designed to create instances with identical configurations so you cannot

identical configurations so you cannot update an existing instance template or

update an existing instance template or change an instance template after you

change an instance template after you create it if you need to make changes to

create it if you need to make changes to the configuration

the configuration create a new instance template you can

create a new instance template you can create a template based on an existing

create a template based on an existing instance template or based on an

instance template or based on an existing instance to use an existing vm

existing instance to use an existing vm to make a template you can save the

to make a template you can save the configuration using the gcloud command

configuration using the gcloud command gcloud instance dash templates create or

gcloud instance dash templates create or to use the console you can simply go to

to use the console you can simply go to the instance templates page click on the

the instance templates page click on the template that you want to update and

template that you want to update and click on create similar the last thing

click on create similar the last thing that i wanted to point out is that you

that i wanted to point out is that you can use custom or public images in your

can use custom or public images in your instance templates and so that's pretty

instance templates and so that's pretty much all i had to cover when it comes to

much all i had to cover when it comes to instance groups and instance templates

instance groups and instance templates managed instance groups are great for

managed instance groups are great for when you're looking at high availability

when you're looking at high availability as a priority and letting migs do all

as a priority and letting migs do all the work of keeping your environment up

the work of keeping your environment up and running and so you can now mark this

and running and so you can now mark this lesson as complete and whenever you're

lesson as complete and whenever you're ready join me in the next one where we

ready join me in the next one where we go hands-on with instance groups

go hands-on with instance groups instance templates and load balancers in

instance templates and load balancers in a demo

welcome back in this demo we're going to put everything that we've learned

put everything that we've learned together in a hands-on demo called

together in a hands-on demo called managing bow ties we're going to create

managing bow ties we're going to create an instance template and next we're

an instance template and next we're going to use it to create an instance

going to use it to create an instance group we're then going to create a low

group we're then going to create a low balancer with a new back end and create

balancer with a new back end and create some health checks along the way we're

some health checks along the way we're then going to verify that all instances

then going to verify that all instances are working by browsing to the load

are working by browsing to the load balancer ip and verifying the website

balancer ip and verifying the website application we're then going to stress

application we're then going to stress test one of the instances to simulate a

test one of the instances to simulate a scale out using auto scaling and then

scale out using auto scaling and then we're going to simulate scaling the

we're going to simulate scaling the instance group back in now there's quite

instance group back in now there's quite a bit to do here so with that being said

a bit to do here so with that being said let's dive in so here i am logged in as

let's dive in so here i am logged in as tony bowties at gmail.com under project

tony bowties at gmail.com under project bowtie inc and so the first thing that

bowtie inc and so the first thing that you want to do is you want to make sure

you want to do is you want to make sure that you have a default vpc network

that you have a default vpc network already created and so just to double

already created and so just to double check i'm going to go over to the

check i'm going to go over to the navigation menu i'm going to scroll down

navigation menu i'm going to scroll down to vpc network

to vpc network and yes i do have a default vpc network

and yes i do have a default vpc network so i'm going to go ahead and start

so i'm going to go ahead and start creating my resources and so now what i

creating my resources and so now what i want to do is i want to create my

want to do is i want to create my instance template and so in order to do

instance template and so in order to do that i'm going to go back up to the

that i'm going to go back up to the navigation menu i'm going to go down to

navigation menu i'm going to go down to compute engine and go up to instance

compute engine and go up to instance templates as you can see i currently

templates as you can see i currently have no instance templates and yours

have no instance templates and yours should look the same and so you can go

should look the same and so you can go ahead and click on create instance

ahead and click on create instance template and so just as a note there are

template and so just as a note there are no monthly costs associated with

no monthly costs associated with instance templates but this estimate

instance templates but this estimate here on the right is to show you the

here on the right is to show you the cost of each instance you will be

cost of each instance you will be creating with this template okay so

creating with this template okay so getting right into it i'm going to name

getting right into it i'm going to name this instance template

this instance template bowtie template and since we're spinning

bowtie template and since we're spinning up a lot of vms you want to be conscious

up a lot of vms you want to be conscious on costs and so under series you're

on costs and so under series you're going to click on the drop down and

going to click on the drop down and you're going to select n1 and under

you're going to select n1 and under machine type you're going to select f1

machine type you're going to select f1 micro and this is the smallest instance

micro and this is the smallest instance type as well as the cheapest within

type as well as the cheapest within google cloud you can go ahead and scroll

google cloud you can go ahead and scroll down right to the bottom here under

down right to the bottom here under firewall you want to check off allow

firewall you want to check off allow http traffic next you want to select

http traffic next you want to select management security disks networking and

management security disks networking and sold tenancy you scroll down a little

sold tenancy you scroll down a little bit and under startup script you're

bit and under startup script you're going to paste in the script that's

going to paste in the script that's available in the repo and you will find

available in the repo and you will find a link to this script and the repo in

a link to this script and the repo in the lesson text and so you can leave all

the lesson text and so you can leave all the other options as its default and

the other options as its default and simply click on create it's going to

simply click on create it's going to take a couple minutes here okay and the

take a couple minutes here okay and the instance template is ready and so the

instance template is ready and so the next step that you want to do is create

next step that you want to do is create an instance group and as i said in a

an instance group and as i said in a previous lesson in order to create an

previous lesson in order to create an instance group you need an instance

instance group you need an instance template hence why we made the instance

template hence why we made the instance template first okay and our instance

template first okay and our instance template has been created and so now

template has been created and so now that you've created your instance

that you've created your instance template you can head on over to

template you can head on over to instance groups here in the left hand

instance groups here in the left hand menu and as expected there are no

menu and as expected there are no instance groups and so you can go ahead

instance groups and so you can go ahead and click on the big blue button and

and click on the big blue button and create an instance group you're going to

create an instance group you're going to make sure that new managed instance

make sure that new managed instance group stateless is selected and here you

group stateless is selected and here you have the option of choosing a stateful

have the option of choosing a stateful instance group as well as an unmanaged

instance group as well as an unmanaged instance group and so we're going to

instance group and so we're going to keep things stateless and so for the

keep things stateless and so for the name of the instance group you can

name of the instance group you can simply call this bowtie group i'm going

simply call this bowtie group i'm going to use the same name in the description

to use the same name in the description and under location you want to check off

and under location you want to check off multiple zones in under region you want

multiple zones in under region you want to select us east one and if you click

to select us east one and if you click on configure zones you can see here that

on configure zones you can see here that you can select all the different zones

you can select all the different zones that's available in that region that you

that's available in that region that you choose to have your instances in and so

choose to have your instances in and so i'm going to keep it under all three

i'm going to keep it under all three zones i'm going to scroll down here a

zones i'm going to scroll down here a little bit and under instance template

little bit and under instance template you should see bow tie template you can

you should see bow tie template you can select that you can scroll down a little

select that you can scroll down a little bit more and here under minimum number

bit more and here under minimum number of instances you want to set the minimum

of instances you want to set the minimum number of instances to 3 and under

number of instances to 3 and under maximum number of instances you want to

maximum number of instances you want to set that to 6 and so this is going to be

set that to 6 and so this is going to be double the amount of the minimum number

double the amount of the minimum number of instances so when you're scaled out

of instances so when you're scaled out you should have a maximum of 6 instances

you should have a maximum of 6 instances and when you're scaled in or you have

and when you're scaled in or you have very low traffic you should only have

very low traffic you should only have three instances so you can scroll down

three instances so you can scroll down some more and under auto healing you

some more and under auto healing you want to select the health check and

want to select the health check and you're going to go ahead and create a

you're going to go ahead and create a new health check under name you can call

new health check under name you can call this healthy bow ties i'm going to use

this healthy bow ties i'm going to use the same for the description and i'm

the same for the description and i'm going to leave the rest as its default

going to leave the rest as its default and go down and click on save and

and go down and click on save and continue i'm going to scroll down some

continue i'm going to scroll down some more and i'm going to leave the rest as

more and i'm going to leave the rest as is and simply click on create and it's

is and simply click on create and it's going to take a couple minutes here and

going to take a couple minutes here and so i'm going to pause the video and i'll

so i'm going to pause the video and i'll be back in a flash okay and my instance

be back in a flash okay and my instance group has been created and so to get a

group has been created and so to get a better look at it i'm going to click on

better look at it i'm going to click on bow tie group and i can see here that

bow tie group and i can see here that three instances have been created if i

three instances have been created if i go up to vm instances you can see here

go up to vm instances you can see here that i have three instances but under

that i have three instances but under instance groups because i have health

instance groups because i have health check enabled it shows that my instances

check enabled it shows that my instances are unhealthy and this is because i

are unhealthy and this is because i still need to create a firewall rule

still need to create a firewall rule that will allow google's health check

that will allow google's health check probes to reach my vm instances and so

probes to reach my vm instances and so you're going to go ahead and create that

you're going to go ahead and create that firewall rule so you can bring the

firewall rule so you can bring the health check status up to healthy so i'm

health check status up to healthy so i'm going to go over to the navigation menu

going to go over to the navigation menu and scroll down to vpc network and go

and scroll down to vpc network and go over to firewall here under firewall as

over to firewall here under firewall as expected you have the default firewall

expected you have the default firewall rules from the default created vpc

rules from the default created vpc network and so i'm going to go up to

network and so i'm going to go up to create firewall and you can name this

create firewall and you can name this firewall rule allow health check i'm

firewall rule allow health check i'm going to use the same for the

going to use the same for the description i'm going to scroll down

description i'm going to scroll down here a little bit and under targets i'm

here a little bit and under targets i'm going to select all instances in the

going to select all instances in the network source filter i'm going to leave

network source filter i'm going to leave as i p ranges and so here under source i

as i p ranges and so here under source i p ranges i want to enter in the ip

p ranges i want to enter in the ip addresses for the google cloud health

addresses for the google cloud health check probes and you can find these in

check probes and you can find these in the documentation and i will also be

the documentation and i will also be supplying them in the instructions and

supplying them in the instructions and there are two sets of ip addresses that

there are two sets of ip addresses that need to be entered and just as a note

need to be entered and just as a note you don't need to know this for the exam

you don't need to know this for the exam but it's always a good to know if you're

but it's always a good to know if you're ever adding health checks to any of your

ever adding health checks to any of your instances i'm going to scroll down a

instances i'm going to scroll down a little bit to protocols and ports and

little bit to protocols and ports and under tcp i'm going to check it off and

under tcp i'm going to check it off and put in port 80. that's pretty much all

put in port 80. that's pretty much all you have to do here so whenever you

you have to do here so whenever you entered all that information in you can

entered all that information in you can simply click on create and so now i have

simply click on create and so now i have a firewall rule that will allow health

a firewall rule that will allow health checks to be done and so it may take a

checks to be done and so it may take a minute or two but if i head back on over

minute or two but if i head back on over to my compute engine instances and go

to my compute engine instances and go over to my instance groups

over to my instance groups i'll be able to see that all my

i'll be able to see that all my instances are now healthy and so

instances are now healthy and so whenever you're creating instance groups

whenever you're creating instance groups and you're applying health checks this

and you're applying health checks this firewall rule is necessary so please be

firewall rule is necessary so please be aware okay so now that we've created our

aware okay so now that we've created our instance templates we've created our

instance templates we've created our instance groups and we created a

instance groups and we created a firewall rule in order to satisfy health

firewall rule in order to satisfy health checks we can now move on to the next

checks we can now move on to the next step which is creating the load balancer

step which is creating the load balancer so i'm going to go back up to the

so i'm going to go back up to the navigation menu and i'm going to scroll

navigation menu and i'm going to scroll down to network services and over to

down to network services and over to load balancing and as expected there are

load balancing and as expected there are no load balancers created and so

no load balancers created and so whenever you're ready you can click on

whenever you're ready you can click on the big blue button and create a new low

the big blue button and create a new low balancer here you have the option of

balancer here you have the option of creating an http or https load balancer

creating an http or https load balancer along with a tcp load balancer or a udp

along with a tcp load balancer or a udp load balancer and because we're serving

load balancer and because we're serving external traffic on port 80 we're going

external traffic on port 80 we're going to use the http load balancer so you can

to use the http load balancer so you can click on start configuration and i'm

click on start configuration and i'm being prompted to decide between

being prompted to decide between internet facing or internal only and

internet facing or internal only and you're going to be accepting traffic

you're going to be accepting traffic from the internet to your load bouncer

from the internet to your load bouncer so make sure that from internet to my

so make sure that from internet to my vms is checked off and simply click

vms is checked off and simply click continue and so next you will be

continue and so next you will be prompted with a page with a bunch of

prompted with a page with a bunch of configurations that you can enter and so

configurations that you can enter and so we'll get to that in just a second but

we'll get to that in just a second but first we need to name our load balancer

first we need to name our load balancer and so i'm going to call this

and so i'm going to call this bowtie dash lb for low balancer and so

bowtie dash lb for low balancer and so next step for your load balancer is you

next step for your load balancer is you need to configure a back end so you can

need to configure a back end so you can click on back end configuration and here

click on back end configuration and here you have the option of selecting from

you have the option of selecting from back-end services or back-end buckets so

back-end services or back-end buckets so you're going to go ahead and click on

you're going to go ahead and click on back-end services and create a back-end

back-end services and create a back-end service and here you will be prompted

service and here you will be prompted with a bunch of fields to fill out in

with a bunch of fields to fill out in order to create your back-end service

order to create your back-end service and you can go ahead and name the

and you can go ahead and name the backend service as bowtie backend

backend service as bowtie backend service back-end type is going to be

service back-end type is going to be instance group and you can leave the

instance group and you can leave the protocol named port and timeout as is as

protocol named port and timeout as is as we're going to be using http under

we're going to be using http under instance group in new back-end if you

instance group in new back-end if you select the drop-down you should see your

select the drop-down you should see your available bow tie group instance group

available bow tie group instance group select that

select that scroll down a little bit and under port

scroll down a little bit and under port numbers you can enter in port 80 and you

numbers you can enter in port 80 and you can leave all the other options as

can leave all the other options as default and simply click on done and so

default and simply click on done and so if you're ever interested you can always

if you're ever interested you can always add a cache using cloud cdn now i know

add a cache using cloud cdn now i know we haven't gone through cloud cdn in

we haven't gone through cloud cdn in this course but just know that this is

this course but just know that this is google's content delivery network and it

google's content delivery network and it uses google's global edge network to

uses google's global edge network to serve content closer to users and this

serve content closer to users and this accelerates your websites and your

accelerates your websites and your applications and delivers a better user

applications and delivers a better user experience for your user okay and moving

experience for your user okay and moving on here under health check if i click on

on here under health check if i click on the drop down you should see healthy bow

the drop down you should see healthy bow ties you can select that for your health

ties you can select that for your health check and so just as a note here under

check and so just as a note here under advanced configurations you can set your

advanced configurations you can set your session affinity your connection

session affinity your connection draining timeout as well as request and

draining timeout as well as request and response headers and so we don't need

response headers and so we don't need any of that for this demo and so i'm

any of that for this demo and so i'm going to go ahead and collapse this and

going to go ahead and collapse this and once you've finished filling in all the

once you've finished filling in all the fields you can simply click on create

fields you can simply click on create okay and so you should now have your

okay and so you should now have your back end configuration and your host and

back end configuration and your host and path rules configured and so the only

path rules configured and so the only thing that's left to configure is the

thing that's left to configure is the front end so you can go up and click on

front end so you can go up and click on front-end configuration and you can name

front-end configuration and you can name your front-end bowtie front-end service

your front-end bowtie front-end service gonna keep the protocols http and here

gonna keep the protocols http and here is where you would select the network

is where you would select the network service tier choosing either premium or

service tier choosing either premium or standard and if you remember in the load

standard and if you remember in the load balancing lesson in order to use this as

balancing lesson in order to use this as a global load balancer i need to use a

a global load balancer i need to use a premium tier okay and we're going to

premium tier okay and we're going to keep this as ipv4 with an ephemeral ip

keep this as ipv4 with an ephemeral ip address on port 80 so once you've

address on port 80 so once you've finished configuring the front end you

finished configuring the front end you can simply click on done and you can go

can simply click on done and you can go and click on review and finalize and

and click on review and finalize and this will give you a summary on your

this will give you a summary on your configuration and so i'm happy with the

configuration and so i'm happy with the way everything's configured and if you

way everything's configured and if you are as well you can simply click on

are as well you can simply click on create and this may take a minute or two

create and this may take a minute or two but it will create your low balancer

but it will create your low balancer along with your back end and your front

along with your back end and your front end so again i'm going to pause the

end so again i'm going to pause the video here for just a minute and i'll be

video here for just a minute and i'll be back before you can say cat in the hat

back before you can say cat in the hat okay and my load balancer has been

okay and my load balancer has been created and to get a little bit more

created and to get a little bit more details i'm going to drill down into it

details i'm going to drill down into it and i can see here the details of my

and i can see here the details of my load balancer along with my monitoring

load balancer along with my monitoring and any caching but i don't have any

and any caching but i don't have any caching enabled and therefore nothing is

caching enabled and therefore nothing is showing so going back to the details i

showing so going back to the details i can see here that i have a new ip

can see here that i have a new ip address for my load balancer and i'll be

address for my load balancer and i'll be getting into that in just a minute i'm

getting into that in just a minute i'm going to go back here and i'm going to

going to go back here and i'm going to check out my back ends click on bow tie

check out my back ends click on bow tie back end service and here i can see the

back end service and here i can see the requests per second as well as my

requests per second as well as my configuration and if you do see this

configuration and if you do see this caution symbol here showing that some of

caution symbol here showing that some of your instances are unhealthy it's only

your instances are unhealthy it's only because the low balancer needs time to

because the low balancer needs time to do a full health check on all the

do a full health check on all the instances in the instance group and so

instances in the instance group and so this will take some time okay and so i'm

this will take some time okay and so i'm going to go back over and check out my

going to go back over and check out my front end and there's nothing to drill

front end and there's nothing to drill down into with the front end service but

down into with the front end service but it does show me my scope the address the

it does show me my scope the address the protocol

protocol network tier and the low balancer itself

network tier and the low balancer itself so this is the end of part one of this

so this is the end of part one of this demo it was getting a bit long so i

demo it was getting a bit long so i decided to break it up this would be a

decided to break it up this would be a great opportunity for you to get up have

great opportunity for you to get up have a stretch get yourself a coffee or tea

a stretch get yourself a coffee or tea and whenever you're ready part two will

and whenever you're ready part two will be starting immediately from the end of

be starting immediately from the end of part one so you can now mark this as

part one so you can now mark this as complete and i'll see you in part two

this is part two of the managing bow ties demo and we will be starting

ties demo and we will be starting exactly where we left off in part one so

exactly where we left off in part one so with that being said let's dive in and

with that being said let's dive in and so before you move forward you want to

so before you move forward you want to make sure that all your instances are

make sure that all your instances are considered healthy by your load balancer

considered healthy by your load balancer and as i can see here all my instances

and as i can see here all my instances in my instance group are considered

in my instance group are considered healthy by the load balancer and so just

healthy by the load balancer and so just to verify this i'm going to go ahead and

to verify this i'm going to go ahead and copy the i p address and you can open up

copy the i p address and you can open up a new tab in your browser and simply

a new tab in your browser and simply paste it in

paste it in and success as you can see here managing

and success as you can see here managing the production of many bow ties can be

the production of many bow ties can be automated but managing the wearer of

automated but managing the wearer of them definitely cannot another fine

them definitely cannot another fine message from the people at bow tie inc

message from the people at bow tie inc now although this is a simple web page i

now although this is a simple web page i used a couple variables just to show you

used a couple variables just to show you the low balancing that happens in the

the low balancing that happens in the background and traffic will be load

background and traffic will be load balanced in between all of the instances

balanced in between all of the instances in the instance group so if you click on

in the instance group so if you click on refresh then you should see the machine

refresh then you should see the machine name and the data center change so every

name and the data center change so every time i click refresh the traffic will be

time i click refresh the traffic will be routed to a different instance in a

routed to a different instance in a different zone and so a simple

different zone and so a simple simulation on how traffic is low balance

simulation on how traffic is low balance between the different instances in their

between the different instances in their different zones okay so now that we've

different zones okay so now that we've verified the website application i'm

verified the website application i'm going to close down this tab and so now

going to close down this tab and so now that we've created our instance template

that we've created our instance template we've created our instance group and

we've created our instance group and we've created our low balancer with the

we've created our low balancer with the back end and front end service and it

back end and front end service and it looks like everything seems to be

looks like everything seems to be working together nicely we're going to

working together nicely we're going to go ahead and simulate a scale out using

go ahead and simulate a scale out using auto scaling and so in order to simulate

auto scaling and so in order to simulate this we're going to do a stress test on

this we're going to do a stress test on one of the instances so i'm going to

one of the instances so i'm going to head back on over to the navigation menu

head back on over to the navigation menu scroll down to compute engine and here

scroll down to compute engine and here you can ssh into any one of these

you can ssh into any one of these instances and run the stress test from

instances and run the stress test from there so i'm going to pick here the one

there so i'm going to pick here the one at the top and so whenever you're logged

at the top and so whenever you're logged in you can simply paste in the command

in you can simply paste in the command that i've included in the instructions

that i've included in the instructions that will run the stress test and so

that will run the stress test and so this is a stress test application called

this is a stress test application called stress that was included in the startup

stress that was included in the startup script and this again will put stress on

script and this again will put stress on the server itself and trigger a scale

the server itself and trigger a scale out to handle the load and it'll do this

out to handle the load and it'll do this for 30 seconds so you can go ahead and

for 30 seconds so you can go ahead and hit enter and head back over to the

hit enter and head back over to the console and in about a minute or two you

console and in about a minute or two you should see some new instances that will

should see some new instances that will be created by your instance group in

be created by your instance group in order to handle the load okay and after

order to handle the load okay and after about a couple minutes it's showing here

about a couple minutes it's showing here that instances are being created and it

that instances are being created and it will be scaling out to the maximum

will be scaling out to the maximum amount of instances that i've set it to

amount of instances that i've set it to which is six i'm going to drill down

which is six i'm going to drill down into this

into this and yes a scale out is happening and

and yes a scale out is happening and some new instances are being created to

some new instances are being created to handle the load so i'm going to give it

handle the load so i'm going to give it just a minute here okay and as you can

just a minute here okay and as you can see here all the instances have been

see here all the instances have been created they've been added to the

created they've been added to the instance group and all of them are

instance group and all of them are marked as healthy and so just to verify

marked as healthy and so just to verify that all the instances are working i'm

that all the instances are working i'm going to go ahead and open up a new tab

going to go ahead and open up a new tab i'm going to plug in the ip address on

i'm going to plug in the ip address on my load balancer and i'm going to simply

my load balancer and i'm going to simply cycle through all these instances to

cycle through all these instances to make sure that all them are working and

make sure that all them are working and it looks like i have no issues and so

it looks like i have no issues and so now that you've simulated a scale out i

now that you've simulated a scale out i wanted to go ahead and run a scale in

wanted to go ahead and run a scale in and so i'm first going to close up these

and so i'm first going to close up these tabs now with regards to scaling there

tabs now with regards to scaling there is a 10 minute stabilization period that

is a 10 minute stabilization period that cannot be adjusted for scaling and this

cannot be adjusted for scaling and this is a built-in feature into google cloud

is a built-in feature into google cloud now because i respect your time as a

now because i respect your time as a student i'm going to show you a work

student i'm going to show you a work around to trigger a scale in sooner

around to trigger a scale in sooner strictly for this demo and i also wanted

strictly for this demo and i also wanted to caution that this should never be

to caution that this should never be done in a production or production-like

done in a production or production-like environment you should always wait for

environment you should always wait for the scaling to happen on its own and

the scaling to happen on its own and never force it this method is being used

never force it this method is being used strictly for learning purposes to save

strictly for learning purposes to save you some time and so i'm going to go

you some time and so i'm going to go ahead to the top menu and click on

ahead to the top menu and click on rolling restart and replace and this

rolling restart and replace and this will bring up a new page where you will

will bring up a new page where you will have the option to either restart or

have the option to either restart or replace any instances in your instance

replace any instances in your instance group and so for your purposes under

group and so for your purposes under operation make sure that you have

operation make sure that you have restart checked off and this will

restart checked off and this will restart all of your instances and only

restart all of your instances and only bring up the ones that are needed so i'm

bring up the ones that are needed so i'm going to go ahead and click on restart

going to go ahead and click on restart i'm going to go back to my instance

i'm going to go back to my instance group console and i'm just going to give

group console and i'm just going to give this a few minutes to cook and i'll be

this a few minutes to cook and i'll be right back in a flash okay so it looks

right back in a flash okay so it looks like the instance group has scaled in

like the instance group has scaled in and we are now down left to three

and we are now down left to three instances the minimum that we configured

instances the minimum that we configured for our instance group and so that

for our instance group and so that pretty much covers the managing bow ties

pretty much covers the managing bow ties demo so i wanted to congratulate you on

demo so i wanted to congratulate you on making it through this demo and i hope

making it through this demo and i hope that this has been extremely useful in

that this has been extremely useful in excelling your knowledge on managing

excelling your knowledge on managing instance templates managed instance

instance templates managed instance groups and creating load balancers with

groups and creating load balancers with back-end and front-end services now this

back-end and front-end services now this was a jam-packed demo and there was a

was a jam-packed demo and there was a lot to pack in with everything you've

lot to pack in with everything you've learned from the last few lessons and so

learned from the last few lessons and so just as a recap you created an instance

just as a recap you created an instance template with your startup script you

template with your startup script you then created a new instance group with a

then created a new instance group with a health check to go with it configuring

health check to go with it configuring auto scaling for a minimum of three

auto scaling for a minimum of three instances you then created a firewall

instances you then created a firewall rule so that the health check probes

rule so that the health check probes were able to connect to the application

were able to connect to the application and you then created a load balancer

and you then created a load balancer with its back end and front-end service

with its back end and front-end service and verified that the website

and verified that the website application was indeed up and running

application was indeed up and running you then ran a stress test to allow a

you then ran a stress test to allow a simulation of a scale out of your

simulation of a scale out of your instance group and then simulated a

instance group and then simulated a scale in of your instance group great

scale in of your instance group great job and so now that we've completed this

job and so now that we've completed this demo you want to make sure that you're

demo you want to make sure that you're not accumulating any unnecessary costs

not accumulating any unnecessary costs and so i'm going to go ahead and walk

and so i'm going to go ahead and walk you through the breakdown of deleting

you through the breakdown of deleting all these resources so first you're

all these resources so first you're going to go ahead and delete the load

going to go ahead and delete the load balancer go back up to the navigation

balancer go back up to the navigation menu and scroll down to network services

menu and scroll down to network services and go over to load balancing so i'm

and go over to load balancing so i'm going to go ahead and check off bow tie

going to go ahead and check off bow tie lb and simply go up to the top and click

lb and simply go up to the top and click on delete it's going to ask me if i'm

on delete it's going to ask me if i'm sure i want to do this i'm also going to

sure i want to do this i'm also going to select bow tie back end service and i

select bow tie back end service and i can delete my load balancer and my back

can delete my load balancer and my back end service all at once i'm going to go

end service all at once i'm going to go ahead and delete load balancer and the

ahead and delete load balancer and the selected resources

selected resources and this should clear up within a few

and this should clear up within a few seconds okay and our load balancer has

seconds okay and our load balancer has been deleted i'm going to just go up

been deleted i'm going to just go up here to the back end make sure

here to the back end make sure everything's good yeah we're all clean

everything's good yeah we're all clean same thing with front end and so now you

same thing with front end and so now you can move on to instance groups so i'm

can move on to instance groups so i'm going to head back up to the navigation

going to head back up to the navigation menu go down a compute engine and go up

menu go down a compute engine and go up to instance groups and here you can just

to instance groups and here you can just simply check off bow tie group and

simply check off bow tie group and simply click on delete

simply click on delete you're going to be prompted with a

you're going to be prompted with a notification to make sure you want to

notification to make sure you want to delete bow tie group yes i want to

delete bow tie group yes i want to delete and again this should take about

delete and again this should take about a minute okay it actually took a couple

a minute okay it actually took a couple minutes but my instance group has been

minutes but my instance group has been deleted and so now i'm going to go over

deleted and so now i'm going to go over to instance templates and i'm going to

to instance templates and i'm going to delete my template and check off bow tie

delete my template and check off bow tie template and simply click delete you're

template and simply click delete you're going to get a prompt to make sure you

going to get a prompt to make sure you want to delete your instance template

want to delete your instance template yes you want to delete

yes you want to delete and success you've now deleted all your

and success you've now deleted all your resources although there is one more

resources although there is one more resource that you will not be billed for

resource that you will not be billed for but since we're cleaning everything up

but since we're cleaning everything up we might as well clean that up as well

we might as well clean that up as well and this is the firewall rule that we

and this is the firewall rule that we created and go over to the navigation

created and go over to the navigation menu and scroll down to vpc network

menu and scroll down to vpc network i'm going to go to firewall here on the

i'm going to go to firewall here on the left hand menu and here i'm going to

left hand menu and here i'm going to check off the allow health check

check off the allow health check firewall rule and simply click on delete

firewall rule and simply click on delete i'm going to get a prompt to make sure

i'm going to get a prompt to make sure that i want to delete it yes you want to

that i want to delete it yes you want to delete i'm going to quickly hit refresh

delete i'm going to quickly hit refresh and yes we've deleted it and so this

and yes we've deleted it and so this concludes the end of this demo so you

concludes the end of this demo so you can now mark this as complete and i'll

can now mark this as complete and i'll see you in the next one

welcome back in this next section we will be focusing on google cloud's

will be focusing on google cloud's premier container orchestration service

premier container orchestration service called kubernetes but before we can dive

called kubernetes but before we can dive right into kubernetes and the benefits

right into kubernetes and the benefits that it gives to containers you'll need

that it gives to containers you'll need an understanding as to what containers

an understanding as to what containers are and what value containers provide in

are and what value containers provide in this lesson i will be covering the

this lesson i will be covering the difference between virtual machines and

difference between virtual machines and containers what containers are how they

containers what containers are how they work and the value proposition they

work and the value proposition they bring so with that being said let's dive

bring so with that being said let's dive in

in now for those of you who didn't know

now for those of you who didn't know container technology gets its name from

container technology gets its name from the shipping industry products get

the shipping industry products get placed into standardized shipping

placed into standardized shipping containers which are designed to fit

containers which are designed to fit into the ship that accommodates the

into the ship that accommodates the container's standard size instead of

container's standard size instead of having various sizes of packaging now by

having various sizes of packaging now by standardizing this process and keeping

standardizing this process and keeping the items together the container can be

the items together the container can be moved as a unit and it costs less to do

moved as a unit and it costs less to do it this way as well the standardization

it this way as well the standardization allows for consistency when packing and

allows for consistency when packing and moving the containers placing them on

moving the containers placing them on ships and docks as well as storage no

ships and docks as well as storage no matter where the container is it always

matter where the container is it always stays the same size and the contents

stays the same size and the contents stay isolated from all the other

stay isolated from all the other containers that they are stacked with

containers that they are stacked with and so now before we get into the

and so now before we get into the details of containers i wanted to cover

details of containers i wanted to cover how we got here and why

how we got here and why so a great way to discuss containers is

so a great way to discuss containers is through their comparison to virtual

through their comparison to virtual machines now as we discussed in a

machines now as we discussed in a previous lesson when it comes to vms the

previous lesson when it comes to vms the systems are virtualized through a

systems are virtualized through a hypervisor that sits on top of the

hypervisor that sits on top of the underlying host infrastructure the

underlying host infrastructure the underlying hardware is virtualized so

underlying hardware is virtualized so that multiple operating system instances

that multiple operating system instances can run on the hardware each vm runs its

can run on the hardware each vm runs its own operating system and has access to

own operating system and has access to virtualized resources representing the

virtualized resources representing the underlying hardware due to this process

underlying hardware due to this process vms come with the cost of large overhead

vms come with the cost of large overhead in cpu memory and disk as well can be

in cpu memory and disk as well can be very large due to the fact that each vm

very large due to the fact that each vm needs its own individual operating

needs its own individual operating system there also lacks standardization

system there also lacks standardization between each vm making them unique due

between each vm making them unique due to the os configuration the software

to the os configuration the software installed and the software libraries

installed and the software libraries thus not making it very portable to be

thus not making it very portable to be able to run in any environment now when

able to run in any environment now when dealing with containers things are run

dealing with containers things are run very differently the underlying host

very differently the underlying host infrastructure is still there but

infrastructure is still there but instead of just using a hypervisor and

instead of just using a hypervisor and abstracting the underlying hardware

abstracting the underlying hardware containerization takes it one step

containerization takes it one step further and abstracts the operating

further and abstracts the operating system

system thus

thus leaving the application with all of its

leaving the application with all of its dependencies in a neatly packaged

dependencies in a neatly packaged standardized container this is done by

standardized container this is done by installing the operating system on top

installing the operating system on top of the host infrastructure

of the host infrastructure and then a separate layer on top of the

and then a separate layer on top of the host operating system called the

host operating system called the container engine now instead of having

container engine now instead of having their own operating system the

their own operating system the containers share the operating system

containers share the operating system kernel with other containers

kernel with other containers while operating independently

while operating independently running just the application code and

running just the application code and the dependencies needed to run that

the dependencies needed to run that application this allows each container

application this allows each container to consume very little memory or disk

to consume very little memory or disk making containers very lightweight

making containers very lightweight efficient and portable containerized

efficient and portable containerized applications can start in seconds and

applications can start in seconds and many more instances of the application

many more instances of the application can fit onto the machine compared to a

can fit onto the machine compared to a vm environment this container can now be

vm environment this container can now be brought over to other environments

brought over to other environments running docker and able to run without

running docker and able to run without having the worries of running into

having the worries of running into issues of compatibility now although

issues of compatibility now although there are a few different container

there are a few different container engines out there the one that has

engines out there the one that has received the most popularity is docker

received the most popularity is docker and this is the engine that we will be

and this is the engine that we will be referring to for the remainder of this

referring to for the remainder of this course now a docker image is a

course now a docker image is a collection or stack of layers that are

collection or stack of layers that are created from sequential instructions on

created from sequential instructions on a docker file so each line in the

a docker file so each line in the dockerfile is run line by line and a

dockerfile is run line by line and a unique read-only layer is written to the

unique read-only layer is written to the image what makes docker images unique is

image what makes docker images unique is that each time you add another

that each time you add another instruction in the docker file a new

instruction in the docker file a new layer is created now going through a

layer is created now going through a practical example here shown on the

practical example here shown on the right is a docker file and we will be

right is a docker file and we will be able to map each line of code to a layer

able to map each line of code to a layer shown on the docker image on the left

shown on the docker image on the left the line marked from

the line marked from shows the base image that the image will

shows the base image that the image will be using the example shown here shows

be using the example shown here shows that the ubuntu image version 12.04

that the ubuntu image version 12.04 will be used next the run instruction is

will be used next the run instruction is used which will perform a general update

used which will perform a general update install apache 2 and output a message to

install apache 2 and output a message to be displayed that is written to the

be displayed that is written to the index.html file next up is the working

index.html file next up is the working directories and these are the

directories and these are the environment variables set by using an

environment variables set by using an env instruction and this will help run

env instruction and this will help run the apache runtime next layer is the

the apache runtime next layer is the expose instruction and this is used to

expose instruction and this is used to expose the container's port on 8080 and

expose the container's port on 8080 and lastly the command layer is an

lastly the command layer is an instruction that is executing the apache

instruction that is executing the apache web server from its executable path and

web server from its executable path and so this is a great example of how a

so this is a great example of how a docker file is broken down from each

docker file is broken down from each line to create the layers of this image

line to create the layers of this image and so just as a note here each docker

and so just as a note here each docker image starts with a base image as well

image starts with a base image as well each line in a docker file creates a new

each line in a docker file creates a new layer that is added to the image and

layer that is added to the image and finally all the layers in a docker image

finally all the layers in a docker image are read only and cannot be changed

are read only and cannot be changed unless the docker file is adjusted to

unless the docker file is adjusted to reflect that change

reflect that change so now how do we get from a docker image

so now how do we get from a docker image to a container well a running docker

to a container well a running docker container is actually an instantiation

container is actually an instantiation of an image so containers using the same

of an image so containers using the same image are identical to each other in

image are identical to each other in terms of their application code and

terms of their application code and runtime dependencies so i could use the

runtime dependencies so i could use the same image for multiple copies of the

same image for multiple copies of the same container that have different tasks

same container that have different tasks what makes each individual container

what makes each individual container different

different is that running containers include a

is that running containers include a writable layer on top of the read-only

writable layer on top of the read-only content runtime changes including any

content runtime changes including any rights and updates to data and files are

rights and updates to data and files are saved in this read write layer so in

saved in this read write layer so in this example when using the command

this example when using the command docker run fashionista a docker

docker run fashionista a docker container will be instantiated from the

container will be instantiated from the docker image and a read write layer is

docker image and a read write layer is always added on top of the read-only

always added on top of the read-only layers when a container is created

layers when a container is created writing any necessary files that's

writing any necessary files that's needed for the application and so just

needed for the application and so just as a note here docker containers are

as a note here docker containers are always created from docker images and

always created from docker images and containers can use the same image yet

containers can use the same image yet will always have a different read write

will always have a different read write layer no matter the amount of containers

layer no matter the amount of containers running on a given host so now when your

running on a given host so now when your containers have been created you need a

containers have been created you need a place to store them and so this is where

place to store them and so this is where a container registry comes into play now

a container registry comes into play now a container registry is a single place

a container registry is a single place for you to store and manage docker

for you to store and manage docker images now when you create your docker

images now when you create your docker file and then build your image

file and then build your image you want to store that image in a

you want to store that image in a central image repository whether it be a

central image repository whether it be a private one or a public one a popular

private one or a public one a popular public container registry is docker hub

public container registry is docker hub and this is a common registry where many

and this is a common registry where many open source images can be found

open source images can be found including those used for the base layer

including those used for the base layer images like the ubuntu example that i

images like the ubuntu example that i showed you earlier and so once you have

showed you earlier and so once you have your containers in a container registry

your containers in a container registry you need to be able to run these

you need to be able to run these containers so in order to run these

containers so in order to run these containers you need docker hosts and

containers you need docker hosts and these can consist of any machine running

these can consist of any machine running the docker engine and this could be your

the docker engine and this could be your laptop

laptop server or you can run them in provided

server or you can run them in provided hosted cloud environments now this may

hosted cloud environments now this may have been a refresher for some but for

have been a refresher for some but for those of you who are new to containers i

those of you who are new to containers i hope this has given you a lot more

hope this has given you a lot more clarity on what containers are what they

clarity on what containers are what they do and the value that they bring to any

do and the value that they bring to any environment and so that's pretty much

environment and so that's pretty much all i wanted to cover on this short

all i wanted to cover on this short lesson of an introduction to containers

lesson of an introduction to containers so you can now mark this lesson as

so you can now mark this lesson as complete and let's move on to the next

complete and let's move on to the next one

welcome back so now that you've gotten familiar with what containers are and

familiar with what containers are and how they work i wanted to dive into

how they work i wanted to dive into google cloud's platform as a service

google cloud's platform as a service offering for containers called google

offering for containers called google kubernetes engine also known as short as

kubernetes engine also known as short as gke now although the exam goes into a

gke now although the exam goes into a more operational perspective with

more operational perspective with regards to gke knowing the foundation of

regards to gke knowing the foundation of kubernetes and the different topics of

kubernetes and the different topics of kubernetes is a must in order to

kubernetes is a must in order to understand the abstractions that take

understand the abstractions that take place with gke from regular kubernetes

place with gke from regular kubernetes in this lesson i will be getting into

in this lesson i will be getting into key topics with regards to kubernetes

key topics with regards to kubernetes and we'll be touching on the

and we'll be touching on the architecture

architecture components and how they all work

components and how they all work together to achieve the desired state

together to achieve the desired state for your containerized workloads now

for your containerized workloads now there's a lot to get into so with that

there's a lot to get into so with that being said let's dive in now before i

being said let's dive in now before i can get into gke i need to set the stage

can get into gke i need to set the stage on explaining what kubernetes is put

on explaining what kubernetes is put simply kubernetes is an orchestration

simply kubernetes is an orchestration platform for containers which was

platform for containers which was invented by google and eventually open

invented by google and eventually open source it is now maintained by the cncf

source it is now maintained by the cncf short for the cloud native computing

short for the cloud native computing foundation and has achieved incredible

foundation and has achieved incredible widespread adoption kubernetes provides

widespread adoption kubernetes provides a platform to automate schedule and run

a platform to automate schedule and run containers on clusters of physical or

containers on clusters of physical or virtual machines

virtual machines thus eliminating many of the manual

thus eliminating many of the manual processes involved in deploying and

processes involved in deploying and scaling containerized applications

scaling containerized applications kubernetes manages the containers that

kubernetes manages the containers that run the applications and ensure that

run the applications and ensure that there is no downtime in a way that you

there is no downtime in a way that you the user can define

the user can define for example if you define that when a

for example if you define that when a container goes down and another

container goes down and another container needs to start kubernetes

container needs to start kubernetes would take care of that for you

would take care of that for you automatically and seamlessly kubernetes

automatically and seamlessly kubernetes provides you with the framework to run

provides you with the framework to run distributed systems resiliently it takes

distributed systems resiliently it takes care of scaling and failover for your

care of scaling and failover for your application provides deployment patterns

application provides deployment patterns and allows you to manage your

and allows you to manage your applications with tons of flexibility

applications with tons of flexibility reliability and power it works with a

reliability and power it works with a range of container tools including

range of container tools including docker now although this adoption was

docker now although this adoption was widespread it did come with its various

widespread it did come with its various challenges this included scaling at cd

challenges this included scaling at cd load balancing availability auto scaling

load balancing availability auto scaling networking

networking rollback on faulty deployments and so

rollback on faulty deployments and so much more

much more so now google cloud has since developed

so now google cloud has since developed a managed offering for kubernetes

a managed offering for kubernetes providing a managed environment for

providing a managed environment for deploying managing and scaling your

deploying managing and scaling your containerized applications using google

containerized applications using google infrastructure the gke environment

infrastructure the gke environment consists of compute engine instances

consists of compute engine instances grouped together to form a cluster and

grouped together to form a cluster and it provides all the same benefits as

it provides all the same benefits as on-premises kubernetes yet has

on-premises kubernetes yet has abstracted the complexity of having to

abstracted the complexity of having to worry about the hardware and to top it

worry about the hardware and to top it off it has the benefits of advanced

off it has the benefits of advanced cluster management features that google

cluster management features that google cloud provides

cloud provides with things like cloud load balancing

with things like cloud load balancing and being able to spread traffic amongst

and being able to spread traffic amongst clusters and nodes node pools to

clusters and nodes node pools to designate subnets of nodes within a

designate subnets of nodes within a cluster for additional flexibility

cluster for additional flexibility automatic scaling of your cluster's node

automatic scaling of your cluster's node instance count and automatic upgrades

instance count and automatic upgrades for your clusters node software it also

for your clusters node software it also allows you to maintain node health and

allows you to maintain node health and availability with node auto repair and

availability with node auto repair and takes care of logging and monitoring

takes care of logging and monitoring with google cloud's operation suite for

with google cloud's operation suite for visibility into your cluster so as you

visibility into your cluster so as you can see here gke holds a lot of benefits

can see here gke holds a lot of benefits when it comes to running kubernetes in

when it comes to running kubernetes in google cloud so i wanted to take a

google cloud so i wanted to take a moment now to dive into the cluster

moment now to dive into the cluster architecture and help familiarize you

architecture and help familiarize you with all the components involved in a

with all the components involved in a cluster so a cluster is the foundation

cluster so a cluster is the foundation of google kubernetes engine and

of google kubernetes engine and kubernetes as a whole the kubernetes

kubernetes as a whole the kubernetes objects that represent your

objects that represent your containerized applications all run on

containerized applications all run on top of the cluster in gke a cluster

top of the cluster in gke a cluster consists of at least one control plane

consists of at least one control plane and multiple worker machines called

and multiple worker machines called nodes the control plane and node

nodes the control plane and node machines run the kubernetes cluster the

machines run the kubernetes cluster the control plane is responsible to

control plane is responsible to coordinate the entire cluster and this

coordinate the entire cluster and this can include scheduling workloads like

can include scheduling workloads like containerized applications and managing

containerized applications and managing the workload's life cycle scaling and

the workload's life cycle scaling and upgrades the control plane also manages

upgrades the control plane also manages network and storage resources for those

network and storage resources for those workloads and most importantly it

workloads and most importantly it manages the state of the cluster and

manages the state of the cluster and make sure it is at the desired state now

make sure it is at the desired state now the nodes are the worker machines that

the nodes are the worker machines that run your containerized applications and

run your containerized applications and other workloads the nodes are compute

other workloads the nodes are compute engine vm instances that gke creates on

engine vm instances that gke creates on your behalf when you create a cluster

your behalf when you create a cluster each node is managed from the control

each node is managed from the control plane which receives updates on each

plane which receives updates on each node's self-reported status a node also

node's self-reported status a node also runs the services necessary to support

runs the services necessary to support the docker containers that make up your

the docker containers that make up your cluster's workloads these include the

cluster's workloads these include the docker runtime and the kubernetes node

docker runtime and the kubernetes node agent known as the cubelet which

agent known as the cubelet which communicates with the control plane and

communicates with the control plane and is responsible for starting and running

is responsible for starting and running docker containers scheduled on that node

docker containers scheduled on that node now diving deeper into the architecture

now diving deeper into the architecture there are components within the control

there are components within the control plane and nodes that you should

plane and nodes that you should familiarize yourself with as these

familiarize yourself with as these components are what ties the cluster

components are what ties the cluster together and helps manage the

together and helps manage the orchestration as well as the state now

orchestration as well as the state now the control plane is the unified

the control plane is the unified endpoint for your cluster the control

endpoint for your cluster the control plane's components make global decisions

plane's components make global decisions about the cluster for example scheduling

about the cluster for example scheduling as well as detecting and responding to

as well as detecting and responding to cluster events all interactions with the

cluster events all interactions with the cluster are done via kubernetes api

cluster are done via kubernetes api calls and the control plane runs the

calls and the control plane runs the kubernetes api server process to handle

kubernetes api server process to handle those requests you can make kubernetes

those requests you can make kubernetes api calls directly via http or grpc or

api calls directly via http or grpc or can also be done indirectly by running

can also be done indirectly by running commands from the kubernetes command

commands from the kubernetes command line client called cubectl and of course

line client called cubectl and of course you can interact with the ui in the

you can interact with the ui in the cloud console the api server process is

cloud console the api server process is the hub for all communications for the

the hub for all communications for the cluster moving on to the next component

cluster moving on to the next component is cube scheduler the cube scheduler is

is cube scheduler the cube scheduler is a component that discovers and assigns

a component that discovers and assigns newly created pods to a node for them to

newly created pods to a node for them to run on so any new pods that are created

run on so any new pods that are created will automatically be assigned to its

will automatically be assigned to its appropriate node by the cube scheduler

appropriate node by the cube scheduler taking into consideration any

taking into consideration any constraints that are in place next up is

constraints that are in place next up is the cube controller manager and this is

the cube controller manager and this is the component that runs controller

the component that runs controller processes and is responsible for things

processes and is responsible for things like noticing and responding when nodes

like noticing and responding when nodes go down

go down maintaining the correct number of pods

maintaining the correct number of pods populating the services and pods as well

populating the services and pods as well as creating default accounts and api

as creating default accounts and api access tokens for new namespaces it is

access tokens for new namespaces it is these controllers that will basically

these controllers that will basically look to make changes to the cluster when

look to make changes to the cluster when the current state does not meet the

the current state does not meet the desired state now when it comes to the

desired state now when it comes to the cloud controller manager this is what

cloud controller manager this is what embeds cloud-specific control logic the

embeds cloud-specific control logic the cloud controller manager lets you link

cloud controller manager lets you link your cluster into any cloud providers

your cluster into any cloud providers api

api and separates out the components that

and separates out the components that interact with that cloud platform from

interact with that cloud platform from components that just interact with your

components that just interact with your cluster the cloud controller manager

cluster the cloud controller manager only runs controllers that are specific

only runs controllers that are specific to your cloud provider in this case

to your cloud provider in this case google cloud and lastly we have fcd and

google cloud and lastly we have fcd and this component is responsible to store

this component is responsible to store the state of the cluster at cd is a

the state of the cluster at cd is a consistent and highly available key

consistent and highly available key value store that only interacts with the

value store that only interacts with the api server it saves all the

api server it saves all the configuration data along with what nodes

configuration data along with what nodes are part of the cluster and what pods

are part of the cluster and what pods they are running so now the control

they are running so now the control plane needs a way to interact with the

plane needs a way to interact with the nodes of the cluster thus the nodes

nodes of the cluster thus the nodes having components themselves for this

having components themselves for this communication to occur this component is

communication to occur this component is called a cubelet and this is an agent

called a cubelet and this is an agent that runs on each node in the cluster

that runs on each node in the cluster that communicates with the control plane

that communicates with the control plane it is responsible for starting and

it is responsible for starting and running docker containers scheduled on

running docker containers scheduled on that node it takes a set of pod specs

that node it takes a set of pod specs that are provided to it and ensures that

that are provided to it and ensures that the containers described in those pod

the containers described in those pod specs are running and healthy and i will

specs are running and healthy and i will be diving into pod specs in a later

be diving into pod specs in a later lesson next up is cube proxy and this is

lesson next up is cube proxy and this is the component that maintains network

the component that maintains network connectivity to the pods in a cluster

connectivity to the pods in a cluster and lastly the container runtime is the

and lastly the container runtime is the software that is responsible for running

software that is responsible for running containers kubernetes supports container

containers kubernetes supports container runtimes like docker and container d and

runtimes like docker and container d and so these are the main components in a

so these are the main components in a cluster covering the control plane and

cluster covering the control plane and nodes with regards to communication

nodes with regards to communication within the cluster now before i end this

within the cluster now before i end this lesson there is one more topic i wanted

lesson there is one more topic i wanted to touch on with regards to the

to touch on with regards to the architecture of a gke cluster and that

architecture of a gke cluster and that is the abstraction that happens and what

is the abstraction that happens and what exactly does gke manage with regards to

exactly does gke manage with regards to kubernetes well gke manages all the

kubernetes well gke manages all the control plane components the endpoint

control plane components the endpoint exposes the kubernetes api server that

exposes the kubernetes api server that cubectl uses to communicate with your

cubectl uses to communicate with your cluster control plane the endpoint

cluster control plane the endpoint exposes the kubernetes api server that

exposes the kubernetes api server that cubectl uses to communicate with your

cubectl uses to communicate with your cluster control plane the endpoint ip is

cluster control plane the endpoint ip is displayed in cloud console and this ip

displayed in cloud console and this ip will allow you to interact with the

will allow you to interact with the cluster when you run the command gcloud

cluster when you run the command gcloud container clusters get dash credentials

container clusters get dash credentials you see that the command gets the

you see that the command gets the cluster endpoint as part of updating

cluster endpoint as part of updating cubeconfig an ip address for the cluster

cubeconfig an ip address for the cluster is then exposed to interact with and is

is then exposed to interact with and is responsible for provisioning and

responsible for provisioning and managing all the infrastructure that is

managing all the infrastructure that is needed for the control plane gke also

needed for the control plane gke also automates the kubernetes nodes by

automates the kubernetes nodes by launching them as compute engine vms

launching them as compute engine vms under the hood but still allows the user

under the hood but still allows the user to change the machine type and access

to change the machine type and access upgrade options by default google

upgrade options by default google kubernetes engine clusters and node

kubernetes engine clusters and node pools are upgraded automatically by

pools are upgraded automatically by google but you can also control when

google but you can also control when auto upgrades can and cannot occur by

auto upgrades can and cannot occur by configuring maintenance windows and

configuring maintenance windows and exclusions and just as a note a clusters

exclusions and just as a note a clusters control plane and nodes do not

control plane and nodes do not necessarily run the same version at all

necessarily run the same version at all times and i will be digging more into

times and i will be digging more into that in a later lesson and so i know

that in a later lesson and so i know this is a lot of theory to take in but

this is a lot of theory to take in but is as i said before a necessity to

is as i said before a necessity to understanding kubernetes and gke and as

understanding kubernetes and gke and as we go further along into kubernetes and

we go further along into kubernetes and get into demos i promise that this will

get into demos i promise that this will start to make a lot more sense and you

start to make a lot more sense and you will start becoming more comfortable

will start becoming more comfortable with gke and the underlying components

with gke and the underlying components of kubernetes knowing kubernetes is a

of kubernetes knowing kubernetes is a must when working in any cloud

must when working in any cloud environment as it is a popular and

environment as it is a popular and growing technology that is not slowing

growing technology that is not slowing down so knowing gke will put you in a

down so knowing gke will put you in a really good position for your career as

really good position for your career as an engineer in google cloud as well will

an engineer in google cloud as well will give you a leg up on diving into other

give you a leg up on diving into other cloud vendors implementation of

cloud vendors implementation of kubernetes and so that's pretty much all

kubernetes and so that's pretty much all i wanted to cover when it comes to

i wanted to cover when it comes to google kubernetes engine and kubernetes

google kubernetes engine and kubernetes so you can now mark this lesson as

so you can now mark this lesson as complete and let's move on to the next

complete and let's move on to the next one

welcome back in this lesson i will be covering cluster and node management in

covering cluster and node management in gke as it refers to choosing different

gke as it refers to choosing different cluster types for your workloads cluster

cluster types for your workloads cluster versions

versions node pools as well as upgrades and the

node pools as well as upgrades and the many different options to choose from it

many different options to choose from it is good to familiarize yourself with

is good to familiarize yourself with these options as they may be the

these options as they may be the deciding factor of having to keep your

deciding factor of having to keep your workloads highly available and your

workloads highly available and your tolerance to risk within your

tolerance to risk within your environment so with that being said

environment so with that being said let's dive in now in the last lesson we

let's dive in now in the last lesson we touched on nodes and how they are the

touched on nodes and how they are the workers for the kubernetes cluster so

workers for the kubernetes cluster so now that you are familiar with nodes i

now that you are familiar with nodes i wanted to touch on a concept that builds

wanted to touch on a concept that builds on it called node pools now a node pool

on it called node pools now a node pool is a group of nodes within a cluster

is a group of nodes within a cluster that all have the same configuration and

that all have the same configuration and using node config specification to

using node config specification to achieve this a node pool can also

achieve this a node pool can also contain one or multiple nodes when you

contain one or multiple nodes when you first create a cluster the number and

first create a cluster the number and type of nodes that you specify becomes

type of nodes that you specify becomes the default node pool as shown here in

the default node pool as shown here in the diagram then you can add additional

the diagram then you can add additional custom node pools of different sizes and

custom node pools of different sizes and types to your cluster all nodes in any

types to your cluster all nodes in any given node pool are identical to one

given node pool are identical to one another now custom node pools are really

another now custom node pools are really useful when you need to schedule pods

useful when you need to schedule pods that require more resources than others

that require more resources than others such as more memory more disk space or

such as more memory more disk space or even different machine types you can

even different machine types you can create upgrade and delete node pools

create upgrade and delete node pools individually without affecting the whole

individually without affecting the whole cluster and just as a note you cannot

cluster and just as a note you cannot configure a single node in any node pool

configure a single node in any node pool any configuration changes affect all

any configuration changes affect all nodes in the node pool and by default

nodes in the node pool and by default all new node pools run the latest stable

all new node pools run the latest stable version of kubernetes existing node

version of kubernetes existing node pools can be manually upgraded or

pools can be manually upgraded or automatically upgraded you can also run

automatically upgraded you can also run multiple kubernetes node versions on

multiple kubernetes node versions on each node pool in your cluster update

each node pool in your cluster update each node pool independently and target

each node pool independently and target different node pools for specific

different node pools for specific deployments in that node now with gke

deployments in that node now with gke you can create a cluster tailored to

you can create a cluster tailored to your availability requirements and your

your availability requirements and your budget the types of available clusters

budget the types of available clusters include zonal both single zone or

include zonal both single zone or multi-zonal and regional zonal clusters

multi-zonal and regional zonal clusters have a single control plane in a single

have a single control plane in a single zone depending on what kind of

zone depending on what kind of availability you want you can distribute

availability you want you can distribute your nodes for your zonal cluster in a

your nodes for your zonal cluster in a single zone or in multiple zones now

single zone or in multiple zones now when you decide to deploy a single zone

when you decide to deploy a single zone cluster it again has a single control

cluster it again has a single control plane running in one zone this control

plane running in one zone this control plane manages workloads on nodes running

plane manages workloads on nodes running in the same zone a multi-zonal cluster

in the same zone a multi-zonal cluster on the other hand has a single replica

on the other hand has a single replica of the control plane running in a single

of the control plane running in a single zone and has nodes running in multiple

zone and has nodes running in multiple zones during an upgrade of the cluster

zones during an upgrade of the cluster or an outage of the zone where the

or an outage of the zone where the control plane runs

control plane runs workloads still run however the cluster

workloads still run however the cluster its nodes and its workloads cannot be

its nodes and its workloads cannot be configured until the control plane is

configured until the control plane is available multi-zonal clusters are

available multi-zonal clusters are designed to balance availability and

designed to balance availability and cost for consistent workloads and just

cost for consistent workloads and just as a note the same number of nodes will

as a note the same number of nodes will be deployed to each selected zone and

be deployed to each selected zone and may cost you more than budgeted so

may cost you more than budgeted so please be aware and of course when

please be aware and of course when you're looking to achieve high

you're looking to achieve high availability for your cluster regional

availability for your cluster regional clusters are always the way to go a

clusters are always the way to go a regional cluster has multiple replicas

regional cluster has multiple replicas of the control plane running in multiple

of the control plane running in multiple zones within a given region nodes also

zones within a given region nodes also run in each zone where a replica of the

run in each zone where a replica of the control plane runs because a regional

control plane runs because a regional cluster replicates the control plane and

cluster replicates the control plane and nodes it consumes more compute engine

nodes it consumes more compute engine resources than a similar single zone or

resources than a similar single zone or multi-zonal cluster the same number of

multi-zonal cluster the same number of nodes will be deployed to each selected

nodes will be deployed to each selected zone and the default when selecting

zone and the default when selecting regional clusters is three zones now if

regional clusters is three zones now if you're dealing with more sensitive

you're dealing with more sensitive workloads that require more strict

workloads that require more strict guidelines private clusters give you the

guidelines private clusters give you the ability to isolate nodes from having

ability to isolate nodes from having inbound and outbound connectivity to the

inbound and outbound connectivity to the public internet this isolation is

public internet this isolation is achieved as the nodes have internal ip

achieved as the nodes have internal ip addresses only if you want to provide

addresses only if you want to provide outbound internet access for certain

outbound internet access for certain private nodes you can use cloudnat or

private nodes you can use cloudnat or manage your own nat gateway by default

manage your own nat gateway by default private google access is enabled in

private google access is enabled in private clusters and their workloads

private clusters and their workloads with limited outbound access to google

with limited outbound access to google cloud apis and services over google's

cloud apis and services over google's private network in private clusters the

private network in private clusters the control plane's vpc network is connected

control plane's vpc network is connected to your clusters vpc network with vpc

to your clusters vpc network with vpc network peering your vpc network

network peering your vpc network contains the cluster nodes and a

contains the cluster nodes and a separate google cloud vpc network

separate google cloud vpc network contains your cluster's control plane

contains your cluster's control plane the control plane's vpc network is

the control plane's vpc network is located in a project controlled by

located in a project controlled by google traffic between nodes and the

google traffic between nodes and the control plane is routed entirely using

control plane is routed entirely using internal ip addresses the control plane

internal ip addresses the control plane for a private cluster has a private

for a private cluster has a private endpoint in addition to a public

endpoint in addition to a public endpoint the control plane for a

endpoint the control plane for a non-private cluster only has a public

non-private cluster only has a public endpoint the private endpoint is an

endpoint the private endpoint is an internal ip address in the control

internal ip address in the control plane's vpc network the public endpoint

plane's vpc network the public endpoint is the external ip address of the

is the external ip address of the control plane and you can control access

control plane and you can control access to this endpoint using authorized

to this endpoint using authorized networks or you can disable access to

networks or you can disable access to the public endpoint as shown here in the

the public endpoint as shown here in the diagram you can disable the public

diagram you can disable the public endpoint and connect to your network

endpoint and connect to your network using an internal ip address using cloud

using an internal ip address using cloud interconnect or cloud vpn and you always

interconnect or cloud vpn and you always have the option of enabling or disabling

have the option of enabling or disabling this public endpoint now when you create

this public endpoint now when you create a cluster you can choose the cluster

a cluster you can choose the cluster specific kubernetes version or you can

specific kubernetes version or you can mix the versions for flexibility on

mix the versions for flexibility on features either way it is always

features either way it is always recommended that you enable auto upgrade

recommended that you enable auto upgrade for the cluster and its nodes now when

for the cluster and its nodes now when you have auto upgrade enabled you are

you have auto upgrade enabled you are given the choice to choose from what are

given the choice to choose from what are called release channels when you enroll

called release channels when you enroll a new cluster in a release channel

a new cluster in a release channel google automatically manages the version

google automatically manages the version and upgrade cadence for the cluster and

and upgrade cadence for the cluster and its node pools all channels offer

its node pools all channels offer supported releases of gke and are

supported releases of gke and are considered in general availability you

considered in general availability you can choose from three different release

can choose from three different release channels for automatic management of

channels for automatic management of your cluster's version and upgrade

your cluster's version and upgrade cadence as shown here the available

cadence as shown here the available release channels are rapid regular and

release channels are rapid regular and stable release channels the rapid

stable release channels the rapid release channel gets the latest

release channel gets the latest kubernetes release as early as possible

kubernetes release as early as possible and be able to use new gka features the

and be able to use new gka features the moment that they go into general

moment that they go into general availability with the regular release

availability with the regular release channel you have access to gke and

channel you have access to gke and kubernetes features reasonably soon

kubernetes features reasonably soon after they are released but on a version

after they are released but on a version that has been qualified two to three

that has been qualified two to three months after releasing in the rapid

months after releasing in the rapid release channel and finally we have the

release channel and finally we have the stable release channel where stability

stable release channel where stability is prioritized over new functionality

is prioritized over new functionality changes and new versions in this channel

changes and new versions in this channel are rolled out last after being

are rolled out last after being validated two to three months in the

validated two to three months in the regular release channel and so if you're

regular release channel and so if you're looking for more direct management of

looking for more direct management of your cluster's version choose a static

your cluster's version choose a static version when you enroll a cluster in a

version when you enroll a cluster in a release channel that cluster is upgraded

release channel that cluster is upgraded automatically when a new version is

automatically when a new version is available in that channel now if you do

available in that channel now if you do not use a release channel or choose a

not use a release channel or choose a cluster version the current default

cluster version the current default version is use the default version is

version is use the default version is selected based on usage and real world

selected based on usage and real world performance and is changed regularly

performance and is changed regularly while the default version is the most

while the default version is the most mature one

mature one other versions being made available are

other versions being made available are generally available versions that pass

generally available versions that pass internal testing and qualification

internal testing and qualification changes to the default version are

changes to the default version are announced in a release note now if you

announced in a release note now if you know that you need to use a specific

know that you need to use a specific supported version of kubernetes for a

supported version of kubernetes for a given workload you can specify it when

given workload you can specify it when creating the cluster if you do not need

creating the cluster if you do not need to control the specific patch version

to control the specific patch version you use consider enrolling your cluster

you use consider enrolling your cluster in a release channel instead of managing

in a release channel instead of managing its version directly now when it comes

its version directly now when it comes to upgrading the cluster please be aware

to upgrading the cluster please be aware that control plane and nodes do not

that control plane and nodes do not always run the same version at all times

always run the same version at all times as well a control plane is always

as well a control plane is always upgraded before its nodes when it comes

upgraded before its nodes when it comes to zonal clusters you cannot launch or

to zonal clusters you cannot launch or edit workloads during that upgrade and

edit workloads during that upgrade and with regional clusters each control

with regional clusters each control plane is upgraded one by one as well

plane is upgraded one by one as well with control planes auto upgrade is

with control planes auto upgrade is enabled by default and this is google

enabled by default and this is google cloud's best practice now again if you

cloud's best practice now again if you choose you can do a manual upgrade but

choose you can do a manual upgrade but you cannot upgrade the control plane

you cannot upgrade the control plane more than one minor version at a time so

more than one minor version at a time so please be aware as well with any cluster

please be aware as well with any cluster upgrades maintenance windows and

upgrades maintenance windows and exclusions are available and so this way

exclusions are available and so this way you can choose the best times for your

you can choose the best times for your upgrades and so like cluster upgrades by

upgrades and so like cluster upgrades by default a clusters nodes have auto

default a clusters nodes have auto upgrade enabled and it is recommended

upgrade enabled and it is recommended that you do not disable it again this is

that you do not disable it again this is best practice by google cloud and again

best practice by google cloud and again like the cluster upgrades a manual

like the cluster upgrades a manual upgrade is available and maintenance

upgrade is available and maintenance windows and exclusions are available for

windows and exclusions are available for all of these upgrades now when a no pool

all of these upgrades now when a no pool is upgraded gke upgrades one node at a

is upgraded gke upgrades one node at a time

time while a node is being upgraded gke stops

while a node is being upgraded gke stops scheduling new pods onto it and attempts

scheduling new pods onto it and attempts to schedule its running pods onto other

to schedule its running pods onto other nodes the node is then recreated at the

nodes the node is then recreated at the new version but using the same name as

new version but using the same name as before this is similar to other events

before this is similar to other events that recreate the node such as enabling

that recreate the node such as enabling or disabling a feature on the node pool

or disabling a feature on the node pool and the upgrade is only complete when

and the upgrade is only complete when all nodes have been recreated and the

all nodes have been recreated and the cluster is in the desired state when a

cluster is in the desired state when a newly upgraded node registers with the

newly upgraded node registers with the control plane gke marks the node as

control plane gke marks the node as schedulable upgrading a no pool may

schedulable upgrading a no pool may disrupt workloads running in that pool

disrupt workloads running in that pool and so in order to avoid this you can

and so in order to avoid this you can create a new node pool with the desired

create a new node pool with the desired version and migrate the workload then

version and migrate the workload then after migration you can delete the old

after migration you can delete the old node pool now surge upgrades let you

node pool now surge upgrades let you control the number of nodes gke can

control the number of nodes gke can upgrade at a time and control how

upgrade at a time and control how disruptive upgrades are to your

disruptive upgrades are to your workloads you can change how many nodes

workloads you can change how many nodes gke attempts to upgrade at once by

gke attempts to upgrade at once by changing the surge upgrade parameters on

changing the surge upgrade parameters on a no pool surge upgrades reduce

a no pool surge upgrades reduce disruption to your workloads during

disruption to your workloads during cluster maintenance and also allow you

cluster maintenance and also allow you to control the number of nodes upgraded

to control the number of nodes upgraded in parallel surge upgrades also work

in parallel surge upgrades also work with the cluster auto scaler to prevent

with the cluster auto scaler to prevent changes to nodes that are being upgraded

changes to nodes that are being upgraded now surge upgrade behavior is determined

now surge upgrade behavior is determined by two settings max surge upgrade and

by two settings max surge upgrade and max unavailable upgrade

max unavailable upgrade now with max surge upgrade this is the

now with max surge upgrade this is the number of additional nodes that can be

number of additional nodes that can be added to the no pool during an upgrade

added to the no pool during an upgrade increasing max surge upgrade raises the

increasing max surge upgrade raises the number of nodes that can be upgraded

number of nodes that can be upgraded simultaneously and when it comes to the

simultaneously and when it comes to the max unavailable upgrade this is the

max unavailable upgrade this is the number of nodes that can be

number of nodes that can be simultaneously unavailable during an

simultaneously unavailable during an upgrade increasing max unavailable

upgrade increasing max unavailable upgrade raises the number of nodes that

upgrade raises the number of nodes that can be upgraded in parallel so with max

can be upgraded in parallel so with max surge upgrade the higher the number the

surge upgrade the higher the number the more parallel upgrades which will end up

more parallel upgrades which will end up costing you more money with max

costing you more money with max unavailable upgrade the higher the

unavailable upgrade the higher the number the more disruptive it is and so

number the more disruptive it is and so the more risk you are taking and so

the more risk you are taking and so during upgrades gke brings down at most

during upgrades gke brings down at most the sum of the max surge upgrade added

the sum of the max surge upgrade added with the max unavailable upgrade so as

with the max unavailable upgrade so as you can see here there are a slew of

you can see here there are a slew of options when it comes to deciding on the

options when it comes to deciding on the type of cluster you want as well as the

type of cluster you want as well as the type of upgrades that are available

type of upgrades that are available along with when you want them to occur

along with when you want them to occur and so your deciding factor in the end

and so your deciding factor in the end will be the workload that you are

will be the workload that you are running and your risk tolerance and this

running and your risk tolerance and this will play a big factor in keeping up

will play a big factor in keeping up time for your cluster as well as saving

time for your cluster as well as saving money in any type of environment and so

money in any type of environment and so that's pretty much all i wanted to cover

that's pretty much all i wanted to cover when it comes to gke cluster and node

when it comes to gke cluster and node management so you can now mark this

management so you can now mark this lesson as complete and let's move on to

lesson as complete and let's move on to the next one

the next one [Music]

[Music] welcome back and in this lesson i will

welcome back and in this lesson i will be diving into some more theory within

be diving into some more theory within kubernetes and gke this time touching on

kubernetes and gke this time touching on objects and how objects are managed pods

objects and how objects are managed pods are only one type of object but there

are only one type of object but there are many other parts that are involved

are many other parts that are involved in the management of these objects and

in the management of these objects and this is what this lesson is set out to

this is what this lesson is set out to teach you now there's quite a bit to

teach you now there's quite a bit to cover here so with that being said let's

cover here so with that being said let's dive in

dive in now kubernetes objects are persistent

now kubernetes objects are persistent entities in kubernetes kubernetes uses

entities in kubernetes kubernetes uses these entities to represent the state of

these entities to represent the state of your cluster for example it can describe

your cluster for example it can describe things like what containerized

things like what containerized applications are running and on which

applications are running and on which nodes and what resources are available

nodes and what resources are available to those applications a kubernetes

to those applications a kubernetes object is a record of intent once you

object is a record of intent once you create the object kubernetes will

create the object kubernetes will constantly work to ensure that object

constantly work to ensure that object exists by creating an object you're

exists by creating an object you're effectively telling kubernetes what you

effectively telling kubernetes what you want your cluster's workload to look

want your cluster's workload to look like and this is your cluster's desired

like and this is your cluster's desired state and you've heard me speak about

state and you've heard me speak about this many times before and this is what

this many times before and this is what i was referring to now almost every

i was referring to now almost every kubernetes object includes two nested

kubernetes object includes two nested object fields that govern the object's

object fields that govern the object's configuration the object spec and the

configuration the object spec and the object's status for objects that have a

object's status for objects that have a spec you have to set this when you

spec you have to set this when you create the object providing a

create the object providing a description of the characteristics you

description of the characteristics you want the resource to have its desired

want the resource to have its desired state the status describes the current

state the status describes the current state of the object supplied and updated

state of the object supplied and updated by kubernetes and its components the

by kubernetes and its components the kubernetes control plane continually and

kubernetes control plane continually and actively manages every object's actual

actively manages every object's actual state to match the desired state you

state to match the desired state you supplied now each object in your cluster

supplied now each object in your cluster has a name that is unique for that type

has a name that is unique for that type of resource every kubernetes object also

of resource every kubernetes object also has a uid that is unique across your

has a uid that is unique across your whole cluster only one object of a given

whole cluster only one object of a given kind can have a given name at a time

kind can have a given name at a time however if you delete the object you can

however if you delete the object you can make a new object with that same name

make a new object with that same name every object created over the whole

every object created over the whole lifetime of a kubernetes cluster has a

lifetime of a kubernetes cluster has a distinct uid these distinct uids are

distinct uid these distinct uids are also known as uuids which we discussed

also known as uuids which we discussed earlier on in the course now when

earlier on in the course now when creating updating or deleting objects in

creating updating or deleting objects in kubernetes this is done through the use

kubernetes this is done through the use of a manifest file where you would

of a manifest file where you would specify the desired state of an object

specify the desired state of an object that kubernetes will maintain when you

that kubernetes will maintain when you apply the manifest each configuration

apply the manifest each configuration file can contain multiple manifests and

file can contain multiple manifests and is common practice to do so when

is common practice to do so when possible a manifest file is defined in

possible a manifest file is defined in the form of a yaml file or a json file

the form of a yaml file or a json file and it is recommended to use yaml now in

and it is recommended to use yaml now in each yaml file for the kubernetes object

each yaml file for the kubernetes object that you want to create there are some

that you want to create there are some required values that need to be set the

required values that need to be set the first one is the api version and this

first one is the api version and this defines which version of the kubernetes

defines which version of the kubernetes api you're using to create this object

api you're using to create this object the kind described in this example as a

the kind described in this example as a pod is the kind of object you want to

pod is the kind of object you want to create next up is the metadata and this

create next up is the metadata and this is the data that helps uniquely identify

is the data that helps uniquely identify the object including a string name

the object including a string name a uid and an optional namespace and the

a uid and an optional namespace and the last required value is the spec

last required value is the spec and this is what state you desire for

and this is what state you desire for the object and the spec in this example

the object and the spec in this example is a container by the name of bow tie

is a container by the name of bow tie dash web server and is to be built with

dash web server and is to be built with the latest nginx web server image as

the latest nginx web server image as well as having port 80 open on the

well as having port 80 open on the container now when it comes to objects

container now when it comes to objects pods are the smallest most basic

pods are the smallest most basic deployable objects in kubernetes a pod

deployable objects in kubernetes a pod represents a single instance of a

represents a single instance of a running process in your cluster pods

running process in your cluster pods contain one or more containers such as

contain one or more containers such as docker containers and when a pod runs

docker containers and when a pod runs multiple containers the containers are

multiple containers the containers are managed as a single entity and share the

managed as a single entity and share the pods resources which also includes

pods resources which also includes shared networking and shared storage for

shared networking and shared storage for their containers generally one pod is

their containers generally one pod is meant to run a single instance of an

meant to run a single instance of an application on your cluster which is

application on your cluster which is self-contained and isolated

self-contained and isolated now although a pod is meant to run a

now although a pod is meant to run a single instance of your application on

single instance of your application on your cluster

your cluster it is not recommended to create

it is not recommended to create individual pods directly instead you

individual pods directly instead you generally create a set of identical pods

generally create a set of identical pods called replicas to run your application

called replicas to run your application a set of replicated pods are created and

a set of replicated pods are created and managed by a controller such as a

managed by a controller such as a deployment controllers manage the life

deployment controllers manage the life cycle of their pods as well as

cycle of their pods as well as performing horizontal scaling changing

performing horizontal scaling changing the number of pods is necessary now

the number of pods is necessary now although you might occasionally interact

although you might occasionally interact with pods directly to debug troubleshoot

with pods directly to debug troubleshoot or inspect them it's recommended that

or inspect them it's recommended that you use a controller to manage your pods

you use a controller to manage your pods and so once your pods are created they

and so once your pods are created they are then run on nodes in your cluster

are then run on nodes in your cluster which we discussed earlier the pod will

which we discussed earlier the pod will then remain on its node until its

then remain on its node until its process is complete the pot is deleted

process is complete the pot is deleted the pod is evicted from the node due to

the pod is evicted from the node due to lack of resources or the node fails if a

lack of resources or the node fails if a node fails pods on the node are

node fails pods on the node are automatically scheduled for deletion now

automatically scheduled for deletion now a single gke cluster should be able to

a single gke cluster should be able to satisfy the needs of multiple users or

satisfy the needs of multiple users or groups of users and kubernetes

groups of users and kubernetes namespaces help different projects teams

namespaces help different projects teams or customers to share a kubernetes

or customers to share a kubernetes cluster you can think of a namespace as

cluster you can think of a namespace as a virtual cluster inside of your

a virtual cluster inside of your kubernetes cluster and you can have

kubernetes cluster and you can have multiple namespaces logically isolated

multiple namespaces logically isolated from each other they can help you and

from each other they can help you and your teams with organization and

your teams with organization and security now you can name your

security now you can name your namespaces whatever you'd like but

namespaces whatever you'd like but kubernetes starts with four initial

kubernetes starts with four initial namespaces the first one is the default

namespaces the first one is the default namespace and this is for objects with

namespace and this is for objects with no other namespace

no other namespace so when creating new objects without a

so when creating new objects without a namespace your object will automatically

namespace your object will automatically be assigned to this namespace cube dash

be assigned to this namespace cube dash system is the next one and these are for

system is the next one and these are for objects created by kubernetes

objects created by kubernetes cube-public is created automatically and

cube-public is created automatically and is readable by all users but is mostly

is readable by all users but is mostly reserved for cluster usage in case that

reserved for cluster usage in case that some resources should be visible and

some resources should be visible and readable publicly throughout the whole

readable publicly throughout the whole cluster and finally cube node lease is

cluster and finally cube node lease is the namespace for the lease objects

the namespace for the lease objects associated with each node which improves

associated with each node which improves the performance of the node heartbeats

the performance of the node heartbeats as the cluster scales and so like most

as the cluster scales and so like most resources in google cloud labels are key

resources in google cloud labels are key value pairs that help you organize your

value pairs that help you organize your resources in this case kubernetes

resources in this case kubernetes objects labels can be attached to

objects labels can be attached to objects at creation time and can be

objects at creation time and can be added or modified at any time each

added or modified at any time each object can have a set of key value

object can have a set of key value labels defined and each key must be

labels defined and each key must be unique for a given object and labels can

unique for a given object and labels can be found under metadata in your manifest

be found under metadata in your manifest file and so the one thing to remember

file and so the one thing to remember about pods is that they are ephemeral

about pods is that they are ephemeral they are not designed to run forever and

they are not designed to run forever and when a pod is terminated it cannot be

when a pod is terminated it cannot be brought back in general pods do not

brought back in general pods do not disappear until they are deleted by a

disappear until they are deleted by a user or by a controller pods do not heal

user or by a controller pods do not heal or repair themselves for example if a

or repair themselves for example if a pod is scheduled on a node which later

pod is scheduled on a node which later fails the pod is deleted as well if a

fails the pod is deleted as well if a pod is evicted from a node for any

pod is evicted from a node for any reason the pod does not replace itself

reason the pod does not replace itself and so here is a diagram of a pod life

and so here is a diagram of a pod life cycle that shows the different phases of

cycle that shows the different phases of its running time to give you some better

its running time to give you some better clarity of its ephemeral nature when

clarity of its ephemeral nature when first creating the pod the pod will

first creating the pod the pod will start impending and this is the pod's

start impending and this is the pod's initial phase and is waiting for one or

initial phase and is waiting for one or more of the containers to be set up and

more of the containers to be set up and made ready to run this includes the time

made ready to run this includes the time a pod spends waiting to be scheduled as

a pod spends waiting to be scheduled as well as the time spent downloading

well as the time spent downloading container images over the network once

container images over the network once the pod has completed the pending phase

the pod has completed the pending phase it is moved on to be scheduled and once

it is moved on to be scheduled and once it is scheduled it will move into the

it is scheduled it will move into the running phase and this is the phase

running phase and this is the phase where the pod has been bound to a node

where the pod has been bound to a node and all of the containers have been

and all of the containers have been created the running phase has at least

created the running phase has at least one container in the pod running or is

one container in the pod running or is in the process of starting or restarting

in the process of starting or restarting and once the workload is complete the

and once the workload is complete the pod will move into the succeeded phase

pod will move into the succeeded phase and this is where all the containers in

and this is where all the containers in the pod have terminated in success and

the pod have terminated in success and will not be restarted now if all the

will not be restarted now if all the containers in the pod have not

containers in the pod have not terminated successfully the pod will

terminated successfully the pod will move into a failed phase and this is

move into a failed phase and this is where all the containers in the pod have

where all the containers in the pod have terminated and at least one container

terminated and at least one container has terminated in failure now there's

has terminated in failure now there's one more phase in the pod life cycle

one more phase in the pod life cycle that i wanted to bring up which is the

that i wanted to bring up which is the unknown phase and this is the state of

unknown phase and this is the state of the pod that could not be obtained this

the pod that could not be obtained this phase typically occurs due to an error

phase typically occurs due to an error in communicating with the node where the

in communicating with the node where the pod should be running so now when you're

pod should be running so now when you're creating pods using a deployment is a

creating pods using a deployment is a common way to do this a deployment runs

common way to do this a deployment runs multiple replicas of your application

multiple replicas of your application and automatically replaces any instances

and automatically replaces any instances that fail or become unresponsive

that fail or become unresponsive deployments help ensure that one or more

deployments help ensure that one or more instances of your application are

instances of your application are available to serve user requests

available to serve user requests deployments use a pod template which

deployments use a pod template which contains a specification for its pods

contains a specification for its pods the pod specification determines how

the pod specification determines how each pod should look like for instance

each pod should look like for instance what applications should run inside its

what applications should run inside its containers which volumes the pods should

containers which volumes the pods should mount its labels and more and so when a

mount its labels and more and so when a deployments pod template is changed new

deployments pod template is changed new pods are automatically created one at a

pods are automatically created one at a time now i wanted to quickly bring up

time now i wanted to quickly bring up replica sets for just a moment you'll

replica sets for just a moment you'll hear about replica sets and i wanted to

hear about replica sets and i wanted to make sure that i covered it replica sets

make sure that i covered it replica sets ensures that a specified number of pod

ensures that a specified number of pod replicas are running at any given time

replicas are running at any given time however a deployment is a higher level

however a deployment is a higher level concept that manages replica sets and

concept that manages replica sets and provides updates to pods along with

provides updates to pods along with other features and so using deployments

other features and so using deployments is recommended over using replica sets

is recommended over using replica sets unless your workload requires it and i

unless your workload requires it and i will be including a link to replica sets

will be including a link to replica sets in the lesson text so speaking of

in the lesson text so speaking of workloads in kubernetes workloads are

workloads in kubernetes workloads are objects that set deployment rules four

objects that set deployment rules four pods based on these rules kubernetes

pods based on these rules kubernetes performs the deployment and updates the

performs the deployment and updates the workload with the current state of the

workload with the current state of the application workloads let you define the

application workloads let you define the rules for application scheduling scaling

rules for application scheduling scaling and upgrading now deployments which we

and upgrading now deployments which we just discussed is a type of workload and

just discussed is a type of workload and as we've seen a deployment runs multiple

as we've seen a deployment runs multiple replicas of your application and

replicas of your application and automatically replaces any instances

automatically replaces any instances that fail or become unresponsive

that fail or become unresponsive deployments are best used

deployments are best used for stateless applications another type

for stateless applications another type of workload is stateful sets and in

of workload is stateful sets and in contrast to deployments these are great

contrast to deployments these are great for when your application needs to

for when your application needs to maintain its identity and store data so

maintain its identity and store data so basically any application that requires

basically any application that requires some sort of persistent storage daemon

some sort of persistent storage daemon sets is another common workload that

sets is another common workload that ensures every node in the cluster runs a

ensures every node in the cluster runs a copy of that pod and this is for use

copy of that pod and this is for use cases where you're collecting logs or

cases where you're collecting logs or monitoring node performance now jobs is

monitoring node performance now jobs is a workload that launches one or more

a workload that launches one or more pods and ensures that a specified number

pods and ensures that a specified number of them successfully terminate jobs are

of them successfully terminate jobs are best used to run a finite task to

best used to run a finite task to completion as opposed to managing an

completion as opposed to managing an ongoing desired application state and

ongoing desired application state and cron jobs are similar to jobs however

cron jobs are similar to jobs however cron jobs runs to completion on a

cron jobs runs to completion on a cron-based schedule and so the last

cron-based schedule and so the last workload that i wanted to cover are

workload that i wanted to cover are config maps and these store general

config maps and these store general configuration information and so after

configuration information and so after you upload a config map any workload can

you upload a config map any workload can reference it as either an environment

reference it as either an environment variable or a volume mount and so just

variable or a volume mount and so just as a note config maps are not meant to

as a note config maps are not meant to store sensitive data if you're planning

store sensitive data if you're planning to do this please use secrets now i know

to do this please use secrets now i know this lesson has been extremely heavy in

this lesson has been extremely heavy in theory but these are fundamental

theory but these are fundamental concepts to know when dealing with

concepts to know when dealing with kubernetes and gke as well as the

kubernetes and gke as well as the objects that it supports so i recommend

objects that it supports so i recommend that if you need to go back and review

that if you need to go back and review this lesson if things aren't making

this lesson if things aren't making sense so that you can better understand

sense so that you can better understand it as these concepts all tie in together

it as these concepts all tie in together and will come up in the exam and so

and will come up in the exam and so that's pretty much all i wanted to cover

that's pretty much all i wanted to cover in this lesson on pods and object

in this lesson on pods and object management within gke so you can now

management within gke so you can now mark this lesson as complete

mark this lesson as complete and let's move on to the next one

and let's move on to the next one [Music]

[Music] welcome back and in this lesson i'm

welcome back and in this lesson i'm going to be diving into kubernetes

going to be diving into kubernetes services now services are a major

services now services are a major networking component when it comes to

networking component when it comes to working in kubernetes and can play a

working in kubernetes and can play a major factor when it comes to deciding

major factor when it comes to deciding on how you want to route your traffic

on how you want to route your traffic within your kubernetes cluster as well

within your kubernetes cluster as well in my experience services show up on the

in my experience services show up on the exam and so an understanding of how they

exam and so an understanding of how they work and the different types to use are

work and the different types to use are essential to understanding the big

essential to understanding the big picture of kubernetes this lesson will

picture of kubernetes this lesson will cover an overview on what services are

cover an overview on what services are what they do and the different types

what they do and the different types that are available along with their use

that are available along with their use cases now there's a lot to cover here so

cases now there's a lot to cover here so with that being said let's dive in now

with that being said let's dive in now as i had discussed earlier kubernetes

as i had discussed earlier kubernetes pods are ephemeral pods are created and

pods are ephemeral pods are created and destroyed to match the state of your

destroyed to match the state of your cluster so these resources are never

cluster so these resources are never permanent a perfect example of this is

permanent a perfect example of this is by using a deployment object so you can

by using a deployment object so you can create and destroy pods dynamically now

create and destroy pods dynamically now when it comes to networking in

when it comes to networking in kubernetes each pod gets its own ip

kubernetes each pod gets its own ip address however in a deployment a pod

address however in a deployment a pod that is running once destroyed will be

that is running once destroyed will be recreated with a new ip address and

recreated with a new ip address and there is no real way to keep track of

there is no real way to keep track of these i p addresses for communication as

these i p addresses for communication as they change very frequently and this is

they change very frequently and this is where services come into play now a

where services come into play now a service is an abstraction in the sense

service is an abstraction in the sense that it is not a process that listens on

that it is not a process that listens on some network interface

some network interface a service can be defined as a logical

a service can be defined as a logical set of pods an abstraction on top of the

set of pods an abstraction on top of the pod which provides a single persistent

pod which provides a single persistent ip address and dns name by which pods

ip address and dns name by which pods can be accessed it allows for routing

can be accessed it allows for routing external traffic into your kubernetes

external traffic into your kubernetes cluster and used inside your cluster for

cluster and used inside your cluster for more intelligent routing with services

more intelligent routing with services it is also very easy to manage load

it is also very easy to manage load balancing configuration for traffic

balancing configuration for traffic between replicas it helps pods scale

between replicas it helps pods scale quickly and easily as the service will

quickly and easily as the service will automatically handle the recreation of

automatically handle the recreation of pods and their new ip addresses the main

pods and their new ip addresses the main goal of services in kubernetes is to

goal of services in kubernetes is to provide persistent access to its pods

provide persistent access to its pods without the necessity to look for a

without the necessity to look for a pod's ip

pod's ip each time when the pod is recreated and

each time when the pod is recreated and again services also allow for external

again services also allow for external access from users to the applications

access from users to the applications inside the cluster without having to

inside the cluster without having to know the ip address of the individual

know the ip address of the individual pod in order to reach that application

pod in order to reach that application now in order for a service to route

now in order for a service to route traffic to the correct pod in the

traffic to the correct pod in the cluster there are some fields in the

cluster there are some fields in the manifest file that will help determine

manifest file that will help determine the end points on where traffic should

the end points on where traffic should be routed shown here on the right is the

be routed shown here on the right is the deployment manifest for reference and on

deployment manifest for reference and on the left is the services manifest now as

the left is the services manifest now as you can see here in the service manifest

you can see here in the service manifest on the left the kind is clearly defined

on the left the kind is clearly defined as service under metadata is the name of

as service under metadata is the name of the service and this will be the dns

the service and this will be the dns name of the service when it is created

name of the service when it is created so when it comes to the spec there is a

so when it comes to the spec there is a field here called a selector and this is

field here called a selector and this is what defines what pods should be

what defines what pods should be included in the service and it is the

included in the service and it is the labels under the selector that define

labels under the selector that define which pods and labels are what we

which pods and labels are what we discussed in the last lesson as

discussed in the last lesson as arbitrary key value pairs so any pod

arbitrary key value pairs so any pod with these matching labels is what will

with these matching labels is what will be added to the service as shown here in

be added to the service as shown here in the deployment file this workload will

the deployment file this workload will be a part of the service and its labels

be a part of the service and its labels match that of the selector in the

match that of the selector in the services file for type this is the type

services file for type this is the type of service that you will want to use in

of service that you will want to use in this example type cluster ip is used but

this example type cluster ip is used but depending on the use case you have a few

depending on the use case you have a few different ones to choose from now at the

different ones to choose from now at the bottom here is a list of port

bottom here is a list of port configurations protocol being the

configurations protocol being the network protocol to use with the port

network protocol to use with the port port being the port that incoming

port being the port that incoming traffic goes to and finally the target

traffic goes to and finally the target port which is the port on the pod that

port which is the port on the pod that traffic should be sent to and this will

traffic should be sent to and this will make more sense as we go through the

make more sense as we go through the upcoming diagrams so touching on

upcoming diagrams so touching on selectors and labels for a moment

selectors and labels for a moment kubernetes has a very unique way of

kubernetes has a very unique way of routing traffic and when it comes to

routing traffic and when it comes to services it's not any different services

services it's not any different services select pods based on their labels now

select pods based on their labels now when a selector request is made to the

when a selector request is made to the service it selects all pods in the

service it selects all pods in the cluster matching the key value pair

cluster matching the key value pair under the selector it chooses one of the

under the selector it chooses one of the pods if there are more than one with the

pods if there are more than one with the same key value pair and forwards the

same key value pair and forwards the network request to it and so here in

network request to it and so here in this example you can see that the

this example you can see that the selector specified for the service has a

selector specified for the service has a key value pair of app inventory you can

key value pair of app inventory you can see the pod on node 1 on the left holds

see the pod on node 1 on the left holds the label of app inventory as well which

the label of app inventory as well which matches the key value pair of the

matches the key value pair of the selector and so traffic will get routed

selector and so traffic will get routed to that pod because of it if you look at

to that pod because of it if you look at the label for the pod in node 2 on the

the label for the pod in node 2 on the right the label does not match that of

right the label does not match that of the selector and so it will not route

the selector and so it will not route traffic to that pod and so to sum it up

traffic to that pod and so to sum it up the label on the pod matching the

the label on the pod matching the selector in the service determines where

selector in the service determines where the network request will get routed to

the network request will get routed to and so now i will be going through the

and so now i will be going through the many different service types that are

many different service types that are available for routing network traffic

available for routing network traffic within gke starting with cluster ip

within gke starting with cluster ip now a cluster ip service is the default

now a cluster ip service is the default kubernetes service it gives you a

kubernetes service it gives you a service inside your cluster that other

service inside your cluster that other apps inside your cluster can access the

apps inside your cluster can access the service is not exposed outside the

service is not exposed outside the cluster but can be addressed from within

cluster but can be addressed from within the cluster when you create a service of

the cluster when you create a service of type cluster ip kubernetes creates a

type cluster ip kubernetes creates a stable ip address that is accessible

stable ip address that is accessible from nodes in the cluster clients in the

from nodes in the cluster clients in the cluster call the service by using the

cluster call the service by using the cluster ip address and the port value

cluster ip address and the port value specified in the port field of the

specified in the port field of the service manifest the request is

service manifest the request is forwarded to one of the member pods on

forwarded to one of the member pods on the port specified in the target port

the port specified in the target port field and just as a note this ip address

field and just as a note this ip address is stable for the lifetime of the

is stable for the lifetime of the service so for this example a client

service so for this example a client calls the service at 10.176

on tcp port 80. the request is forwarded to one of the member pods on tcp port

to one of the member pods on tcp port 80. note that the member pod must have a

80. note that the member pod must have a container that is listening on tcp port

container that is listening on tcp port 80. if there is no container listening

80. if there is no container listening on port 80 clients will see a message

on port 80 clients will see a message like fail to connect or this site can't

like fail to connect or this site can't be reached think of the case when you

be reached think of the case when you have a dns record that you don't want to

have a dns record that you don't want to change and you want the name to resolve

change and you want the name to resolve to the same ip address or you merely

to the same ip address or you merely want a static ip address for your

want a static ip address for your workload this would be a great use case

workload this would be a great use case for the use of the cluster ip service

for the use of the cluster ip service now although the service is not

now although the service is not accessible by network requests outside

accessible by network requests outside of the cluster

of the cluster if you need to connect to the service

if you need to connect to the service you can still connect to it with the

you can still connect to it with the cloud sdk or cloud shell by using the

cloud sdk or cloud shell by using the exposed ip address of the cluster and so

exposed ip address of the cluster and so i wanted to take a moment to show you

i wanted to take a moment to show you what a cluster ip manifest actually

what a cluster ip manifest actually looks like and i will be going through

looks like and i will be going through the manifest for each service type for

the manifest for each service type for you to familiarize yourself with we

you to familiarize yourself with we first have the name of the service which

first have the name of the service which is cluster ip dash service

is cluster ip dash service we then have the label used for the

we then have the label used for the selector which is the key value pair of

selector which is the key value pair of app inventory and then we have the

app inventory and then we have the service type which is cluster ip and we

service type which is cluster ip and we have the port number exposed internally

have the port number exposed internally in the cluster which is port 80 along

in the cluster which is port 80 along with the target port that containers are

with the target port that containers are listening on which again is port 80. and

listening on which again is port 80. and so the next service type we have is node

so the next service type we have is node port

port so when you create a service of type

so when you create a service of type node port you specify a node port value

node port you specify a node port value the node port is a static port and is

the node port is a static port and is chosen from a pre-configured range

chosen from a pre-configured range between 30 000 and 32

between 30 000 and 32 760

760 you can specify your own value within

you can specify your own value within this range but please note that any

this range but please note that any value outside of this range will not be

value outside of this range will not be accepted by kubernetes as well if you do

accepted by kubernetes as well if you do not choose a value a random value within

not choose a value a random value within the range specified will be assigned

the range specified will be assigned once this port range has been assigned

once this port range has been assigned to the service then the service is

to the service then the service is accessible by using the ip address of

accessible by using the ip address of any node along with the no port value

any node along with the no port value the service is then exposed on a port on

the service is then exposed on a port on every node in the cluster the service

every node in the cluster the service can then be accessed externally at the

can then be accessed externally at the node ip along with the node port when

node ip along with the node port when using node port services you must make

using node port services you must make sure that the selected port is not

sure that the selected port is not already open on your nodes and so just

already open on your nodes and so just as a note the no port type is an

as a note the no port type is an extension of the cluster i p type so a

extension of the cluster i p type so a service of type node port naturally has

service of type node port naturally has a cluster i p address and so this method

a cluster i p address and so this method isn't very secure as it opens up each

isn't very secure as it opens up each node to external entry as well this

node to external entry as well this method relies on knowing the ip

method relies on knowing the ip addresses of the nodes which could

addresses of the nodes which could change at any time and so going through

change at any time and so going through the manifest of type node port service

the manifest of type node port service we start off with the name of the

we start off with the name of the service which is node port dash service

service which is node port dash service the label used for the selector which

the label used for the selector which uses the key value pair of app inventory

uses the key value pair of app inventory the type which is node port and notice

the type which is node port and notice the case sensitivity here which you will

the case sensitivity here which you will find in most service types along with

find in most service types along with the port number exposed internally in

the port number exposed internally in the cluster which is port 80 and again

the cluster which is port 80 and again the port that the containers are

the port that the containers are listening on which is the target port

listening on which is the target port which is port 80 as well and lastly and

which is port 80 as well and lastly and most importantly we have the no port

most importantly we have the no port value which is marked as you saw in the

value which is marked as you saw in the diagram earlier as port

diagram earlier as port 32002 the next service type we have up

32002 the next service type we have up is low balancer and this service is

is low balancer and this service is exposed as a load balancer in the

exposed as a load balancer in the cluster low balancer services will

cluster low balancer services will create an internal kubernetes service

create an internal kubernetes service that is connected to a cloud provider's

that is connected to a cloud provider's load balancer and in this case google

load balancer and in this case google cloud this will create a static publicly

cloud this will create a static publicly addressable ip address and a dns name

addressable ip address and a dns name that can be used to access your cluster

that can be used to access your cluster from an external source the low balancer

from an external source the low balancer type is an extension of the no port type

type is an extension of the no port type so a service of type load balancer

so a service of type load balancer naturally has a cluster ip address if

naturally has a cluster ip address if you want to directly expose a service

you want to directly expose a service this is the default method all traffic

this is the default method all traffic on the port you specify

on the port you specify will be forwarded to the service there

will be forwarded to the service there is no filtering or routing and it means

is no filtering or routing and it means you can send many different types of

you can send many different types of traffic to it like http https tcp or udp

traffic to it like http https tcp or udp and more the downside here is that for

and more the downside here is that for each service you expose with a low

each service you expose with a low balancer you pay for that load balancer

balancer you pay for that load balancer and so you can really rack up your bill

and so you can really rack up your bill if you're using multiple load balancers

if you're using multiple load balancers and shown here is the manifest for type

and shown here is the manifest for type load balancer it shows the name of the

load balancer it shows the name of the service load balancer dash service the

service load balancer dash service the label which is used for the selector

label which is used for the selector which is the key value pair of app

which is the key value pair of app inventory

inventory the service type which is low balancer

the service type which is low balancer again notice the case sensitivity along

again notice the case sensitivity along with the port and the target port which

with the port and the target port which are both port 80. and so this is the end

are both port 80. and so this is the end of part one of this lesson it was

of part one of this lesson it was getting a bit long so i decided to break

getting a bit long so i decided to break it up this would be a great opportunity

it up this would be a great opportunity for you to get up and have a stretch get

for you to get up and have a stretch get yourself a coffee or tea and whenever

yourself a coffee or tea and whenever you're ready part two will be starting

you're ready part two will be starting immediately from the end of part one so

immediately from the end of part one so go ahead and mark this as complete and

go ahead and mark this as complete and i'll see you in the next one

i'll see you in the next one [Music]

[Music] welcome back this is part two of the

welcome back this is part two of the kubernetes services lesson and we're

kubernetes services lesson and we're going to continue immediately from the

going to continue immediately from the end of part one so whenever you're ready

end of part one so whenever you're ready let's dive in and so the next service

let's dive in and so the next service type we have is multiport services

type we have is multiport services now for some services there is the need

now for some services there is the need to expose more than one port kubernetes

to expose more than one port kubernetes lets you configure multiple port

lets you configure multiple port definitions on a service object so when

definitions on a service object so when using multiple ports for a service you

using multiple ports for a service you must give all your ports names and if

must give all your ports names and if you have multiple service ports these

you have multiple service ports these names must be unique in this example if

names must be unique in this example if a client calls the service at 10.176.1

on tcp port 80 the request is forwarded to a member pod on tcp port 80 on either

to a member pod on tcp port 80 on either node 1 or node 2. but if a client calls

node 1 or node 2. but if a client calls the service at 10.176.133.7

on tcp port 9752 the request is forwarded to the pod on tcp port 9752

forwarded to the pod on tcp port 9752 that resides on node 1. each member pod

that resides on node 1. each member pod must have a container listening on tcp

must have a container listening on tcp port 80 and a container listening on tcp

port 80 and a container listening on tcp port 9752 this could be a single

port 9752 this could be a single container with two threads or two

container with two threads or two containers running in the same pod and

containers running in the same pod and of course as shown here is a manifest

of course as shown here is a manifest showing the multi-port services

showing the multi-port services the name of the service

the name of the service the label used for the selector

the label used for the selector as well as the service type the port

as well as the service type the port node exposed internally for each

node exposed internally for each separate workload as well as the port

separate workload as well as the port that containers are listening on for

that containers are listening on for each workload as well and as you saw

each workload as well and as you saw before nginx was using target port 80

before nginx was using target port 80 where appy was using port 9752 moving on

where appy was using port 9752 moving on to another service type is external name

to another service type is external name now a service of type external name

now a service of type external name provides an internal alias for an

provides an internal alias for an external dns name internal clients make

external dns name internal clients make requests using the internal dns name and

requests using the internal dns name and the requests are redirected to the

the requests are redirected to the external name when you create a service

external name when you create a service kubernetes creates a dns name that

kubernetes creates a dns name that internal clients can use to call the

internal clients can use to call the service in this example the internal dns

service in this example the internal dns name is bowtie.sql when an internal

name is bowtie.sql when an internal client makes a request to the internal

client makes a request to the internal dns name of bowtie.sql the request gets

dns name of bowtie.sql the request gets redirected to bowtie.sql2

redirected to bowtie.sql2 dot bow tie inc dot private the external

dot bow tie inc dot private the external name service type is a bit different

name service type is a bit different than other service types as it's not

than other service types as it's not associated with a set of pods or an ip

associated with a set of pods or an ip address it is a mapping from an internal

address it is a mapping from an internal dns name to an external dns name this

dns name to an external dns name this service does a simple cname redirection

service does a simple cname redirection and is a great use case for any external

and is a great use case for any external service that resides outside of your

service that resides outside of your cluster and again here is a view of a

cluster and again here is a view of a manifest for type external name here

manifest for type external name here showing the internal dns name along with

showing the internal dns name along with the external dns name redirect and

the external dns name redirect and moving on to the last service type we

moving on to the last service type we have the headless service type now

have the headless service type now sometimes you don't need or want low

sometimes you don't need or want low balancing and a single service ip in

balancing and a single service ip in this case you can create headless

this case you can create headless services by specifying none as the

services by specifying none as the service type in the manifest file this

service type in the manifest file this option also allows you to choose other

option also allows you to choose other service discovery mechanisms without

service discovery mechanisms without being tied to kubernetes implementation

being tied to kubernetes implementation applications can still use a

applications can still use a self-registration pattern with this

self-registration pattern with this service and so a great use case for this

service and so a great use case for this is when you don't need any low balancing

is when you don't need any low balancing or routing you only need the service to

or routing you only need the service to patch the request to the back end pod no

patch the request to the back end pod no ips needed headless service is typically

ips needed headless service is typically used with stateful sets where the name

used with stateful sets where the name of the pods are fixed this is useful in

of the pods are fixed this is useful in situations like when you're setting up a

situations like when you're setting up a mysql cluster where you need to know the

mysql cluster where you need to know the name of the master and so here is a

name of the master and so here is a manifest for the headless service again

manifest for the headless service again the service type is marked as none and

the service type is marked as none and so to sum it up kubernetes services

so to sum it up kubernetes services provides the interfaces through which

provides the interfaces through which pods can communicate with each other

pods can communicate with each other they also act as the main gateway for

they also act as the main gateway for your application services use selectors

your application services use selectors to identify which pods they should

to identify which pods they should control they expose an ip address and a

control they expose an ip address and a port that is not necessarily the same

port that is not necessarily the same port at which the pod is listening and

port at which the pod is listening and services can expose more than one port

services can expose more than one port and can also route traffic to other

and can also route traffic to other services external ip addresses or dns

services external ip addresses or dns names services make it really easy to

names services make it really easy to create network services in kubernetes

create network services in kubernetes each service can be backed with as many

each service can be backed with as many pods as needed without having to make

pods as needed without having to make your code aware of how each service is

your code aware of how each service is backed also please note that there are

backed also please note that there are many other features and use cases within

many other features and use cases within the services that have been mentioned

the services that have been mentioned that i've not brought up i will also

that i've not brought up i will also include some links in the lesson text

include some links in the lesson text for those who are interested in diving

for those who are interested in diving deeper into services this lesson was to

deeper into services this lesson was to merely summarize the different service

merely summarize the different service types and knowing these service types

types and knowing these service types will put you in a great position on the

will put you in a great position on the exam for any questions that cover

exam for any questions that cover services within gke now i know this has

services within gke now i know this has been another lesson that's been

been another lesson that's been extremely heavy in theory and has been a

extremely heavy in theory and has been a tremendous amount to take in but not to

tremendous amount to take in but not to worry next up is a demo that will put

worry next up is a demo that will put all this theory into practice and we'll

all this theory into practice and we'll be going ahead and building a cluster

be going ahead and building a cluster along with touching on much of the

along with touching on much of the components discussed within the past few

components discussed within the past few lessons and so that's pretty much all i

lessons and so that's pretty much all i wanted to cover when it comes to

wanted to cover when it comes to kubernetes service types so you can now

kubernetes service types so you can now mark this lesson as complete and

mark this lesson as complete and whenever you're ready join me in the

whenever you're ready join me in the console

console [Music]

[Music] welcome back

welcome back in this lesson i'll be going over

in this lesson i'll be going over ingress for gke

ingress for gke an object within gke that defines rules

an object within gke that defines rules for routing traffic to specific services

for routing traffic to specific services ingress is a well-known topic that comes

ingress is a well-known topic that comes up in the exam

up in the exam as well as being a common resource that

as well as being a common resource that is used in many gke clusters that you

is used in many gke clusters that you will see in most environments

will see in most environments something that you will get very

something that you will get very familiar with while diving deeper into

familiar with while diving deeper into more complex environments

more complex environments so whenever you're ready let's dive in

so whenever you're ready let's dive in now in gke an ingress object defines

now in gke an ingress object defines rules for routing http and https traffic

rules for routing http and https traffic to applications running in a cluster

to applications running in a cluster an ingress object is associated with one

an ingress object is associated with one or more service objects

or more service objects each of which is associated with a set

each of which is associated with a set of pods

of pods when you create an ingress object the

when you create an ingress object the gke ingress controller

gke ingress controller creates a google cloud

creates a google cloud http or https load balancer and

http or https load balancer and configures it according to the

configures it according to the information in the ingress and its

information in the ingress and its associated services

associated services gke ingress is a built-in

gke ingress is a built-in and managed ingress controller

and managed ingress controller this controller implements ingress

this controller implements ingress resources as google cloud load balancers

resources as google cloud load balancers for http and https workloads in gke

for http and https workloads in gke also the load balancer is given a stable

also the load balancer is given a stable ip address that you can associate with a

ip address that you can associate with a domain name each external http

domain name each external http and https load balancer or internal http

and https load balancer or internal http or https load balancer uses a single url

or https load balancer uses a single url map

map which references one or more back-end

which references one or more back-end services

services one back-end service corresponds to each

one back-end service corresponds to each service referenced by the ingress in

service referenced by the ingress in this example assume that you have

this example assume that you have associated the load balancers ip address

associated the load balancers ip address with the domain name bowtieinc.co

with the domain name bowtieinc.co when a client sends a request to

when a client sends a request to bowtieinc.co

bowtieinc.co the request is routed to a kubernetes

the request is routed to a kubernetes service named products on port 80. and

service named products on port 80. and when a client sends a request to

when a client sends a request to bowtieinc.co

bowtieinc.co forward slash discontinued the request

forward slash discontinued the request is routed to a kubernetes service named

is routed to a kubernetes service named discontinued on port 21337

discontinued on port 21337 ingress is probably the most powerful

ingress is probably the most powerful way to expose your services but can also

way to expose your services but can also be very complex

be very complex as there are also many types of ingress

as there are also many types of ingress controllers to choose from

controllers to choose from along with plugins for ingress

along with plugins for ingress controllers

controllers ingress is the most useful and cost

ingress is the most useful and cost effective if you want to expose

effective if you want to expose multiple services under the same ip

multiple services under the same ip address

address as you only pay

as you only pay for one load balancer if you are using

for one load balancer if you are using the native gcp integration

the native gcp integration and comes with a slew of features

and comes with a slew of features and so shown here is the ingress

and so shown here is the ingress manifest which is a bit different from

manifest which is a bit different from the other manifest that you've seen

the other manifest that you've seen as it holds rules for different paths

as it holds rules for different paths explain in the previous diagram in the

explain in the previous diagram in the manifest shown here one path directs all

manifest shown here one path directs all traffic

traffic to the product's service name

to the product's service name while the other path redirects traffic

while the other path redirects traffic from discontinued to the back end

from discontinued to the back end service name of discontinued

service name of discontinued and note that each of these service

and note that each of these service names have their own independent

names have their own independent manifest

manifest as it is needed to create the service

as it is needed to create the service and are referenced within the ingress

and are referenced within the ingress manifest

manifest so the more rules you have for different

so the more rules you have for different paths or ports the more services you

paths or ports the more services you will need

will need now i wanted to touch on network

now i wanted to touch on network endpoint groups or any g's for short for

endpoint groups or any g's for short for just a second

just a second now this is a configuration object that

now this is a configuration object that specifies a group of back-end endpoints

specifies a group of back-end endpoints or services

or services negs are useful

negs are useful for container native load balancing

for container native load balancing where each container can be represented

where each container can be represented as an endpoint to the load balancer the

as an endpoint to the load balancer the negs are used to track pod endpoints

negs are used to track pod endpoints dynamically so the google low balancer

dynamically so the google low balancer can route traffic to its appropriate

can route traffic to its appropriate back ends

back ends so traffic is low balanced from the load

so traffic is low balanced from the load balancer directly to the pod ip

balancer directly to the pod ip as opposed to traversing the vm ip and

as opposed to traversing the vm ip and coupe proxy networking in these

coupe proxy networking in these conditions

conditions services will be annotated automatically

services will be annotated automatically indicating that a neg

indicating that a neg should be created to mirror the pod ips

should be created to mirror the pod ips within the service the neg is what

within the service the neg is what allows compute engine load balancers to

allows compute engine load balancers to communicate directly with pods the

communicate directly with pods the diagram shown here is the ingress to

diagram shown here is the ingress to compute engine resource mappings of the

compute engine resource mappings of the manifest that you saw earlier where the

manifest that you saw earlier where the gke ingress controller

gke ingress controller deploys and manages compute engine low

deploys and manages compute engine low balancer resources based on the

balancer resources based on the ingressed resources

ingressed resources that are deployed in the cluster

that are deployed in the cluster now touching on health checks for just a

now touching on health checks for just a minute if there are no specified health

minute if there are no specified health check parameters for a corresponding

check parameters for a corresponding service

service using a back-end custom resource

using a back-end custom resource definition

definition a set of default and inferred parameters

a set of default and inferred parameters are used health check parameters for a

are used health check parameters for a back-end service should be explicitly

back-end service should be explicitly defined by creating a back-end config

defined by creating a back-end config custom resource definition for the

custom resource definition for the service and this should be done if

service and this should be done if you're using anthos

you're using anthos a backend config custom resource

a backend config custom resource definition should also be used if you

definition should also be used if you have more than one container in the

have more than one container in the serving pods as well if you need control

serving pods as well if you need control over the port that's used for the low

over the port that's used for the low balancers health checks now you can

balancers health checks now you can specify the backend services health

specify the backend services health check parameters

check parameters using the health check parameter of a

using the health check parameter of a back-end config custom resource

back-end config custom resource definition referenced by the

definition referenced by the corresponding service

corresponding service this gives you more flexibility and

this gives you more flexibility and control

control over health checks for a google cloud

over health checks for a google cloud external http or https load balancer or

external http or https load balancer or internal http or https load balancer

internal http or https load balancer created by an ingress

created by an ingress and lastly i wanted to touch on ssl

and lastly i wanted to touch on ssl certificates and there are three ways to

certificates and there are three ways to provide ssl certificates to an http or

provide ssl certificates to an http or https load balancer the first way is

https load balancer the first way is google managed certificates

google managed certificates and these are provisioned deployed

and these are provisioned deployed renewed

renewed and managed for your domains and just as

and managed for your domains and just as a note

a note managed certificates do not support

managed certificates do not support wildcard domains the second way to

wildcard domains the second way to provide ssl certificates is through

provide ssl certificates is through self-managed certificates that are

self-managed certificates that are shared with google cloud you can

shared with google cloud you can provision your own ssl certificate

provision your own ssl certificate and create a certificate resource

and create a certificate resource in your google cloud project you can

in your google cloud project you can then list the certificate resource in an

then list the certificate resource in an annotation on an ingress to create an

annotation on an ingress to create an http or https load balancer that uses

http or https load balancer that uses the certificate and the last way to

the certificate and the last way to provide ssl certificates is through

provide ssl certificates is through self-managed certificates as secret

self-managed certificates as secret resources so you can provision your own

resources so you can provision your own ssl certificate and create a secret to

ssl certificate and create a secret to hold it you can then refer to the secret

hold it you can then refer to the secret as an ingress specification to create an

as an ingress specification to create an http or https load balancer that uses

http or https load balancer that uses this certificate and just as a note you

this certificate and just as a note you can specify multiple certificates in an

can specify multiple certificates in an ingress manifest the load balancer

ingress manifest the load balancer chooses a certificate if the common name

chooses a certificate if the common name in the certificate

in the certificate matches the host name

matches the host name used in the request and so that pretty

used in the request and so that pretty much covers

much covers all the main topics in this short lesson

all the main topics in this short lesson on ingress for gke

on ingress for gke so you can now mark this lesson as

so you can now mark this lesson as complete

complete and let's move on to the next one

and let's move on to the next one [Music]

[Music] welcome back

welcome back in this lesson i'll be going over gke

in this lesson i'll be going over gke storage options now kubernetes currently

storage options now kubernetes currently offers a slew of different storage

offers a slew of different storage options

options and is only enhanced by the added

and is only enhanced by the added features available in google cloud for

features available in google cloud for gke we'll also be getting into the

gke we'll also be getting into the different abstractions that kubernetes

different abstractions that kubernetes offers to manage storage

offers to manage storage and how they can be used for different

and how they can be used for different types of workloads

types of workloads now there's quite a bit to go over here

now there's quite a bit to go over here so with that being said let's dive in

so with that being said let's dive in now as i stated before there are several

now as i stated before there are several storage options for applications running

storage options for applications running on gke

on gke the choices vary in terms of flexibility

the choices vary in terms of flexibility and ease of use

and ease of use google cloud offers several storage

google cloud offers several storage options that can be used for your

options that can be used for your specific workload

specific workload kubernetes also provides storage

kubernetes also provides storage abstractions which i will be getting

abstractions which i will be getting into in just a bit the easiest storage

into in just a bit the easiest storage options are google cloud's managed

options are google cloud's managed storage products if you need to connect

storage products if you need to connect a database to your cluster you can

a database to your cluster you can consider

consider using cloud sql datastore or cloud

using cloud sql datastore or cloud spanner and when it comes to object

spanner and when it comes to object storage cloud storage would be an

storage cloud storage would be an excellent option to fill the gap file

excellent option to fill the gap file store is a great option for when your

store is a great option for when your application requires

application requires managed network attached storage and if

managed network attached storage and if your application requires block storage

your application requires block storage the best option is to use persistent

the best option is to use persistent disks

disks and can be provisioned manually or

and can be provisioned manually or provisioned dynamically through

provisioned dynamically through kubernetes now i wanted to first start

kubernetes now i wanted to first start off with kubernetes storage abstractions

off with kubernetes storage abstractions but in order to understand kubernetes

but in order to understand kubernetes storage abstractions i wanted to take a

storage abstractions i wanted to take a moment to explain how storage is mounted

moment to explain how storage is mounted in the concept of docker now docker has

in the concept of docker now docker has a concept of volumes

a concept of volumes though it is somewhat looser and less

though it is somewhat looser and less managed than kubernetes

managed than kubernetes a docker volume is a directory on disk

a docker volume is a directory on disk or in another container

or in another container docker provides volume drivers but the

docker provides volume drivers but the functionality is somewhat limited a

functionality is somewhat limited a docker container has a writable layer

docker container has a writable layer and this is where the data is stored by

and this is where the data is stored by default

default making the data ephemeral and so data is

making the data ephemeral and so data is not persisted when the container is

not persisted when the container is removed so storing data inside a

removed so storing data inside a container is not always recommended now

container is not always recommended now there are three ways to mount data

there are three ways to mount data inside a docker container the first way

inside a docker container the first way is a docker volume and sits inside the

is a docker volume and sits inside the docker area within the host's file

docker area within the host's file system and can be shared amongst other

system and can be shared amongst other containers

containers this volume is a docker object and is

this volume is a docker object and is decoupled from the container

decoupled from the container they can be attached and shared across

they can be attached and shared across multiple containers as well bind

multiple containers as well bind mounting is the second way to mount data

mounting is the second way to mount data and is coming directly from the host's

and is coming directly from the host's file system

file system bind mounts are great for local

bind mounts are great for local application development

application development yet cannot be shared across containers

yet cannot be shared across containers and the last way to mount data is by

and the last way to mount data is by using temp-fs

using temp-fs and is stored in the host's memory this

and is stored in the host's memory this way is great for ephemeral data and

way is great for ephemeral data and increases performance as it no longer

increases performance as it no longer lies in the container's writable layer

lies in the container's writable layer now with kubernetes storage abstractions

now with kubernetes storage abstractions file system and block based storage are

file system and block based storage are provided to your pods but are different

provided to your pods but are different than docker in nature volumes are the

than docker in nature volumes are the basic storage unit in kubernetes that

basic storage unit in kubernetes that decouples the storage from the container

decouples the storage from the container and tie it to the pod and not the

and tie it to the pod and not the container like in docker a regular

container like in docker a regular volume simply called volume is basically

volume simply called volume is basically a directory that the containers in a pod

a directory that the containers in a pod have access to the particular volume

have access to the particular volume type used is what will determine its

type used is what will determine its purpose

purpose some volume types are backed by

some volume types are backed by ephemeral storage

ephemeral storage like empty dir

like empty dir config map and secrets and these volumes

config map and secrets and these volumes do not persist after the pod ceases to

do not persist after the pod ceases to exist

exist volumes are useful for caching temporary

volumes are useful for caching temporary information

information sharing files between containers

sharing files between containers or to load data into a pod other volume

or to load data into a pod other volume types are backed by durable storage and

types are backed by durable storage and persist beyond the lifetime of a pod

persist beyond the lifetime of a pod like persistent volumes and persistent

like persistent volumes and persistent volume claims a persistent volume is a

volume claims a persistent volume is a cluster resource

cluster resource that pods can use for durable storage a

that pods can use for durable storage a persistent volume claim

persistent volume claim can be used to dynamically provision a

can be used to dynamically provision a persistent volume

persistent volume backed by persistent disks persistent

backed by persistent disks persistent volume claims can also be used to

volume claims can also be used to provision other types of backing storage

provision other types of backing storage like nfs

like nfs and i will be getting more into

and i will be getting more into persistent volumes and persistent volume

persistent volumes and persistent volume claims in just a bit

claims in just a bit now as you saw in docker on disk files

now as you saw in docker on disk files in a container are the simplest place

in a container are the simplest place for an application to write data but

for an application to write data but files are lost when the container

files are lost when the container crashes or stops for any other reason

crashes or stops for any other reason as well as being unaccessible to other

as well as being unaccessible to other containers running in the same pod in

containers running in the same pod in kubernetes the volume source declared in

kubernetes the volume source declared in the pod specification determines how the

the pod specification determines how the directory is created

directory is created the storage medium used

the storage medium used and the directory's initial contents

and the directory's initial contents a pod specifies what volumes it contains

a pod specifies what volumes it contains and the path where containers mount the

and the path where containers mount the volume ephemeral volume types

volume ephemeral volume types live the same amount of time as the pods

live the same amount of time as the pods they are connected to these volumes are

they are connected to these volumes are created when the pod is created and

created when the pod is created and persist through container restarts only

persist through container restarts only when the pod terminates or is deleted

when the pod terminates or is deleted are the volumes terminated as well other

are the volumes terminated as well other volume types are interfaces to durable

volume types are interfaces to durable storage that exist independently of a

storage that exist independently of a pod like ephemeral volumes data in a

pod like ephemeral volumes data in a volume backed by durable storage

volume backed by durable storage is preserved when the pod is removed

is preserved when the pod is removed the volume is merely unmounted and the

the volume is merely unmounted and the data can be handed off to another pod

data can be handed off to another pod now volumes differ in their storage

now volumes differ in their storage implementation

implementation and their initial contents you can

and their initial contents you can choose the volume source that best fits

choose the volume source that best fits your use case

your use case and i will be going over some common

and i will be going over some common volume sources

volume sources that are used and you will see

that are used and you will see in many gke implementations the first

in many gke implementations the first volume that i want to bring up is empty

volume that i want to bring up is empty dir

dir now an empty dir volume provides an

now an empty dir volume provides an empty directory that containers in the

empty directory that containers in the pod can read and write from when the pod

pod can read and write from when the pod is removed from a node for any reason

is removed from a node for any reason the data in the empty dir is deleted

the data in the empty dir is deleted forever an empty dir volume is stored on

forever an empty dir volume is stored on whatever medium is backing the node

whatever medium is backing the node which might be a disk

which might be a disk ssd or network storage

ssd or network storage empty der volumes are useful for scratch

empty der volumes are useful for scratch space and sharing data between multiple

space and sharing data between multiple containers in a pod

containers in a pod the next type of volume that i wanted to

the next type of volume that i wanted to go over is config map

go over is config map and config map is a resource that

and config map is a resource that provides a way to inject configuration

provides a way to inject configuration data into pods

data into pods the data stored in a config map object

the data stored in a config map object can be referenced in a volume of type

can be referenced in a volume of type config map

config map and then consumed through files running

and then consumed through files running in a pod the next volume type is secret

in a pod the next volume type is secret and a secret volume is used to make

and a secret volume is used to make sensitive data such as passwords oauth

sensitive data such as passwords oauth tokens and ssh keys

tokens and ssh keys available to applications

available to applications the data stored in a secret object can

the data stored in a secret object can be referenced in a volume of type secret

be referenced in a volume of type secret and then consumed through files running

and then consumed through files running in a pod

in a pod next volume type is downward api and

next volume type is downward api and this volume makes downward api data

this volume makes downward api data available to applications

available to applications so this data includes information

so this data includes information about the pod and container in which an

about the pod and container in which an application is running in

application is running in an example of this would be to expose

an example of this would be to expose information about the pods namespace and

information about the pods namespace and ip address to applications and the last

ip address to applications and the last volume type that i wanted to touch on is

volume type that i wanted to touch on is persistent volume claim now a persistent

persistent volume claim now a persistent volume claim volume can be used to

volume claim volume can be used to provision durable storage so that they

provision durable storage so that they can be used by applications a pod uses a

can be used by applications a pod uses a persistent volume claim

persistent volume claim to mount a volume that is backed by this

to mount a volume that is backed by this durable storage and so now that i've

durable storage and so now that i've covered volumes i wanted to go into a

covered volumes i wanted to go into a bit of detail about persistent volumes

bit of detail about persistent volumes persistent volume resources are used to

persistent volume resources are used to manage durable storage in a cluster in

manage durable storage in a cluster in gke a persistent volume

gke a persistent volume is typically backed by a persistent disk

is typically backed by a persistent disk or file store can be used as an nfs

or file store can be used as an nfs solution unlike volumes the persistent

solution unlike volumes the persistent volume life cycle is managed by

volume life cycle is managed by kubernetes and can be dynamically

kubernetes and can be dynamically provisioned

provisioned without the need to manually create and

without the need to manually create and delete the backing storage persistent

delete the backing storage persistent volume resources are cluster resources

volume resources are cluster resources that exist independently of pods and

that exist independently of pods and continue to persist as the cluster

continue to persist as the cluster changes and as pods are deleted and

changes and as pods are deleted and recreated moving on to persistent volume

recreated moving on to persistent volume claims this is a request for

claims this is a request for and claim to

and claim to a persistent volume resource persistent

a persistent volume resource persistent volume claim objects request a specific

volume claim objects request a specific size

size access mode and storage class for the

access mode and storage class for the persistent volume if an existing

persistent volume if an existing persistent volume can satisfy the

persistent volume can satisfy the request or can be provisioned the

request or can be provisioned the persistent volume claim is bound to that

persistent volume claim is bound to that persistent volume and just as a note

persistent volume and just as a note pods use claims

pods use claims as volumes the cluster inspects the

as volumes the cluster inspects the claim to find the bound volume and

claim to find the bound volume and mounts that volume for the pod

mounts that volume for the pod now i wanted to take a moment to go over

now i wanted to take a moment to go over storage classes and how they apply to

storage classes and how they apply to the overall storage in gke

the overall storage in gke now these volume implementations

now these volume implementations such as gce persistent disk are

such as gce persistent disk are configured through storage class

configured through storage class resources

resources gke creates a default storage class for

gke creates a default storage class for you which uses the standard persistent

you which uses the standard persistent disk type of ext4 as shown here the

disk type of ext4 as shown here the default storage class is used when a

default storage class is used when a persistent volume claim doesn't specify

persistent volume claim doesn't specify a storage class name

a storage class name and can also be replaced with one of

and can also be replaced with one of your choosing you can even create your

your choosing you can even create your own storage class resources to describe

own storage class resources to describe different classes of storage

different classes of storage and is helpful when using windows node

and is helpful when using windows node pools

pools now as i stated before persistent volume

now as i stated before persistent volume claims can automatically provision

claims can automatically provision persistent disks for you

persistent disks for you when you create this persistent volume

when you create this persistent volume claim object

claim object kubernetes dynamically creates a

kubernetes dynamically creates a corresponding persistent volume object

corresponding persistent volume object due to the gke default storage class

due to the gke default storage class this persistent volume

this persistent volume is backed by a new empty compute engine

is backed by a new empty compute engine persistent disk you use this disk in a

persistent disk you use this disk in a pod by using the claim as a volume when

pod by using the claim as a volume when you delete a claim the corresponding

you delete a claim the corresponding persistent volume object and the

persistent volume object and the provision compute engine persistent disk

provision compute engine persistent disk are also deleted now to prevent deletion

are also deleted now to prevent deletion you can set the reclaim policy of the

you can set the reclaim policy of the persistent disk resource

persistent disk resource or its storage class resource to retain

or its storage class resource to retain now deployments as shown here in this

now deployments as shown here in this diagram are designed for stateless

diagram are designed for stateless applications

applications so all replicas of a deployment

so all replicas of a deployment share the same persistent volume claim

share the same persistent volume claim which is why stateful sets are the

which is why stateful sets are the recommended method of deploying stateful

recommended method of deploying stateful applications

applications that require a unique volume per replica

that require a unique volume per replica by using stateful sets with persistent

by using stateful sets with persistent volume claim templates

volume claim templates you can have applications that can scale

you can have applications that can scale up automatically

up automatically with unique persistent volume claims

with unique persistent volume claims associated to each replica pod

associated to each replica pod now lastly i wanted to touch on some

now lastly i wanted to touch on some topics that will determine the storage

topics that will determine the storage access that is available for any gke

access that is available for any gke cluster in your environment now i first

cluster in your environment now i first wanted to start off with access modes

wanted to start off with access modes and there are three supported modes for

and there are three supported modes for your persistent disks that allow read

your persistent disks that allow read write access and are listed here read

write access and are listed here read write once is where the volume can be

write once is where the volume can be mounted as read write by a single node

mounted as read write by a single node read only many is where the volume can

read only many is where the volume can be mounted as a read only by many nodes

be mounted as a read only by many nodes and lastly read write many is where the

and lastly read write many is where the volume can be mounted as read write by

volume can be mounted as read write by many nodes and just as a note

many nodes and just as a note read write once is the most common use

read write once is the most common use case for persistent disks

case for persistent disks and works as the default access mode for

and works as the default access mode for most applications next i wanted to touch

most applications next i wanted to touch on the type of persistent disks that are

on the type of persistent disks that are available and the benefits and caveats

available and the benefits and caveats of access for each now going through the

of access for each now going through the persistent disks lesson of this course

persistent disks lesson of this course you probably know by now about the

you probably know by now about the available persistent disks when it comes

available persistent disks when it comes to zonal versus regional availability

to zonal versus regional availability and so this may be a refresher for some

and so this may be a refresher for some now going into regional persistent disks

now going into regional persistent disks these are multi-zonal resources that

these are multi-zonal resources that replicate data between two zones in the

replicate data between two zones in the same region and can be used similarly to

same region and can be used similarly to zonal persistent disks in the event of a

zonal persistent disks in the event of a zonal outage kubernetes can fail over

zonal outage kubernetes can fail over workloads using the volume to the other

workloads using the volume to the other zone regional persistent disks are great

zone regional persistent disks are great for highly available solutions for

for highly available solutions for stateful workloads on gke now zonal

stateful workloads on gke now zonal persistent disks

persistent disks are zonal resources

are zonal resources and so unless a zone is specified

and so unless a zone is specified gke assigns the disk to a single zone

gke assigns the disk to a single zone and chooses the zone at random once a

and chooses the zone at random once a persistent disk is provisioned

persistent disk is provisioned any pods referencing the disk are

any pods referencing the disk are scheduled to the same zone as the disk

scheduled to the same zone as the disk and just as a note

and just as a note using anti-affinity on zones

using anti-affinity on zones allows stateful set pods to be spread

allows stateful set pods to be spread across zones

across zones along with the corresponding disks and

along with the corresponding disks and the last point that i wanted to cover

the last point that i wanted to cover when it comes to persistent volume

when it comes to persistent volume access

access is the speed of access

is the speed of access now as stated in an earlier lesson the

now as stated in an earlier lesson the size of persistent disks determine the

size of persistent disks determine the iops and throughput of the disk gke

iops and throughput of the disk gke typically uses persistent disks

typically uses persistent disks as boot disks and to back kubernetes

as boot disks and to back kubernetes persistent volumes

persistent volumes so whenever possible use larger and

so whenever possible use larger and fewer disks

fewer disks to achieve higher iops and throughput

to achieve higher iops and throughput and so that pretty much covers

and so that pretty much covers everything that i wanted to go over

everything that i wanted to go over in this lesson on gke storage options

in this lesson on gke storage options so you can now mark this lesson as

so you can now mark this lesson as complete

complete and let's move on to the next one

and let's move on to the next one [Music]

[Music] welcome back in these next few demos i'm

welcome back in these next few demos i'm going to be doing a complete walkthrough

going to be doing a complete walkthrough and putting all the theory we learned

and putting all the theory we learned into practice through building and

into practice through building and interacting with gke clusters and you'll

interacting with gke clusters and you'll be building and deploying your own

be building and deploying your own containerized application on this

containerized application on this cluster called box of bowties so in this

cluster called box of bowties so in this demo we're going to be setting up our

demo we're going to be setting up our own gke cluster in the console along

own gke cluster in the console along with going through all the options that

with going through all the options that are available when deploying it we're

are available when deploying it we're also going to use the command line to

also going to use the command line to configure the cubectl command line tool

configure the cubectl command line tool so that we can interact with the cluster

so that we can interact with the cluster so with that being said let's dive in

so with that being said let's dive in and so here in the console i am logged

and so here in the console i am logged in as tonybowties gmail.com

in as tonybowties gmail.com under the project of bow tie inc and so

under the project of bow tie inc and so before launching the cluster i need to

before launching the cluster i need to make sure that my default vpc has been

make sure that my default vpc has been created so i'm going to go over to the

created so i'm going to go over to the navigation menu and i'm going to scroll

navigation menu and i'm going to scroll down to vpc network

down to vpc network and as expected the default network is

and as expected the default network is here so i can go ahead and create my

here so i can go ahead and create my cluster and so in order to get to my

cluster and so in order to get to my kubernetes engine console i'm going to

kubernetes engine console i'm going to go up to the navigation menu and i'm

go up to the navigation menu and i'm going to scroll down under compute and

going to scroll down under compute and you will find here kubernetes engine and

you will find here kubernetes engine and you'll see a few different options to

you'll see a few different options to choose from and over here on the left

choose from and over here on the left hand menu i will be going through these

hand menu i will be going through these options in the upcoming demos but for

options in the upcoming demos but for now i want to concentrate on creating

now i want to concentrate on creating our cluster now gk makes things pretty

our cluster now gk makes things pretty easy

easy as i have the option to create a cluster

as i have the option to create a cluster to deploy a container or even taking the

to deploy a container or even taking the quick start and so we're going to go

quick start and so we're going to go ahead and click on create our cluster

ahead and click on create our cluster and so here we are prompted with our

and so here we are prompted with our cluster basics now if i really wanted to

cluster basics now if i really wanted to i can simply fill out all the fields

i can simply fill out all the fields that you see here and click on create

that you see here and click on create and it will use all the defaults to

and it will use all the defaults to build my cluster but we're going to

build my cluster but we're going to customize it a little bit so we're going

customize it a little bit so we're going to go ahead and go through all these

to go ahead and go through all these options so first under name we're going

options so first under name we're going to name this cluster bowtie dash cluster

to name this cluster bowtie dash cluster and so under location type we want to

and so under location type we want to keep things as zonal and if i check off

keep things as zonal and if i check off the specify default node locations i'll

the specify default node locations i'll be able to make this a multi-zonal

be able to make this a multi-zonal cluster as i have the option of

cluster as i have the option of selecting from multiple zones where i

selecting from multiple zones where i can situate my nodes and so i can select

can situate my nodes and so i can select off a bunch of different zones if i

off a bunch of different zones if i choose but we want to keep it as a

choose but we want to keep it as a single zonal cluster and so i'm going to

single zonal cluster and so i'm going to check these all off

check these all off and under zone i'm going to click on the

and under zone i'm going to click on the drop down menu and i'm going to select

drop down menu and i'm going to select us east 1b and just as a note for each

us east 1b and just as a note for each zone that you select this is where the

zone that you select this is where the control plane will live so if i was to

control plane will live so if i was to create a multi-zonal cluster as you can

create a multi-zonal cluster as you can see the master zone is the zone where

see the master zone is the zone where the control plane will be created and is

the control plane will be created and is selected as us east 1b as that is the

selected as us east 1b as that is the zone that i had selected and so if i

zone that i had selected and so if i change this

change this to let's say us east 1d you can see that

to let's say us east 1d you can see that the control plane will change with it so

the control plane will change with it so i'm going to change it back to us east

i'm going to change it back to us east 1b and you also have the option of

1b and you also have the option of creating a regional cluster and the

creating a regional cluster and the location selection will change from zone

location selection will change from zone to region and here you will have to

to region and here you will have to specify at least one zone to select but

specify at least one zone to select but please also remember that the same

please also remember that the same number of nodes will be deployed to each

number of nodes will be deployed to each selected zone so if i have three nodes

selected zone so if i have three nodes in this cluster and i decide to select

in this cluster and i decide to select three zones then i will have nine nodes

three zones then i will have nine nodes in this cluster and so doing something

in this cluster and so doing something like this could get quite pricey when

like this could get quite pricey when you're looking to be cost conscious okay

you're looking to be cost conscious okay so moving on i'm going to uncheck

so moving on i'm going to uncheck specify default node locations i'm going

specify default node locations i'm going to change the location type back to

to change the location type back to zonal and make sure that my zone is at

zonal and make sure that my zone is at us east 1b moving down to the master

us east 1b moving down to the master version this is where we would select

version this is where we would select either a static version or opt-in to a

either a static version or opt-in to a release channel for the version of

release channel for the version of kubernetes that you want for your

kubernetes that you want for your cluster and so with the static version i

cluster and so with the static version i can choose from a bunch of different

can choose from a bunch of different versions here all the way back from

versions here all the way back from 1.14.10

1.14.10 all the way to the latest version and so

all the way to the latest version and so with the release channel i have the

with the release channel i have the release channel selection here and i can

release channel selection here and i can choose from the rapid channel the

choose from the rapid channel the regular channel or the stable channel

regular channel or the stable channel and so i'm going to keep things as the

and so i'm going to keep things as the default with the regular channel as well

default with the regular channel as well i'm going to keep the default version as

i'm going to keep the default version as the version of my choice now i could go

the version of my choice now i could go ahead and simply click on create here

ahead and simply click on create here but as this demo is a walkthrough i'm

but as this demo is a walkthrough i'm going to go ahead and go through all the

going to go ahead and go through all the available options so i'm going to start

available options so i'm going to start by going over to the left hand menu and

by going over to the left hand menu and clicking on default pool under no pools

clicking on default pool under no pools now here i have one node pool already

now here i have one node pool already with three nodes and this is the default

with three nodes and this is the default node pool that comes with any cluster

node pool that comes with any cluster but if i was doing something specific i

but if i was doing something specific i could add another node pool and

could add another node pool and configure it from here but because i

configure it from here but because i don't have a need for two node pools i'm

don't have a need for two node pools i'm gonna go ahead and remove nodepool1 so

gonna go ahead and remove nodepool1 so i'm going to go up here to remove

i'm going to go up here to remove nodepool and as you can see gke makes it

nodepool and as you can see gke makes it really easy for me to add or remove node

really easy for me to add or remove node pools so i'm going to go back to the

pools so i'm going to go back to the default pool and i'm going to keep the

default pool and i'm going to keep the name as is i'm gonna keep my number of

name as is i'm gonna keep my number of nodes as three and if i wanted to change

nodes as three and if i wanted to change the number of nodes i can simply select

the number of nodes i can simply select this i can choose six or however many

this i can choose six or however many nodes you need for your workload and so

nodes you need for your workload and so because we're not deploying a large

because we're not deploying a large workload i'm gonna keep this number at 3

workload i'm gonna keep this number at 3 and moving right along we do want to

and moving right along we do want to check off enable auto scaling and so

check off enable auto scaling and so this way we don't have to worry about

this way we don't have to worry about scaling up or scaling down and here i'm

scaling up or scaling down and here i'm going to put the minimum number of nodes

going to put the minimum number of nodes as one and i'm going to keep my maximum

as one and i'm going to keep my maximum number of nodes at 3. and so here i'm

number of nodes at 3. and so here i'm given the option to select the zone

given the option to select the zone location for my nodes but again for each

location for my nodes but again for each zone that i select it will run the same

zone that i select it will run the same amount of nodes so basically i have

amount of nodes so basically i have another option in order to choose from

another option in order to choose from having a zonal or multi-zonal cluster

having a zonal or multi-zonal cluster and because we're creating our cluster

and because we're creating our cluster in a single zone i'm going to uncheck

in a single zone i'm going to uncheck this and under automation as you can see

this and under automation as you can see enable auto upgrade and enable auto

enable auto upgrade and enable auto repair are both checked off and this is

repair are both checked off and this is due to the fact that the auto upgrade

due to the fact that the auto upgrade feature is always enabled for the

feature is always enabled for the release channel that i selected but as i

release channel that i selected but as i pointed out in a previous lesson that

pointed out in a previous lesson that this is google's best practice

this is google's best practice to have auto upgrade and auto repair

to have auto upgrade and auto repair enabled and so moving down to the bottom

enabled and so moving down to the bottom are some fields to change the surge

are some fields to change the surge upgrade behavior and so just as a

upgrade behavior and so just as a refresher surge upgrades allow you to

refresher surge upgrades allow you to control the number of nodes gke can

control the number of nodes gke can upgrade at a time and control how

upgrade at a time and control how disruptive those upgrades are to your

disruptive those upgrades are to your workloads so max surge being the number

workloads so max surge being the number of additional nodes that can be added to

of additional nodes that can be added to the node pool during an upgrade and max

the node pool during an upgrade and max unavailable being the number of nodes

unavailable being the number of nodes that can be simultaneously unavailable

that can be simultaneously unavailable during that upgrade and because we're

during that upgrade and because we're not worried about disruptions we'll just

not worried about disruptions we'll just leave it set as the default and so

leave it set as the default and so moving on we're going to move back over

moving on we're going to move back over to the left hand menu and under no pools

to the left hand menu and under no pools we're going to click on nodes and here

we're going to click on nodes and here is where i can choose the type of

is where i can choose the type of instance that i want to be using for my

instance that i want to be using for my nodes and so i'm going to keep the image

nodes and so i'm going to keep the image type as container optimize os and this

type as container optimize os and this is the default image type but i also

is the default image type but i also have the option of choosing from others

have the option of choosing from others like ubuntu or windows and so i'm going

like ubuntu or windows and so i'm going to keep it as the default and under

to keep it as the default and under machine configuration i'm going to keep

machine configuration i'm going to keep it under general purpose

it under general purpose with series e2 but i do want to change

with series e2 but i do want to change the machine type to e2 micro just to be

the machine type to e2 micro just to be cost conscious and under boot disk size

cost conscious and under boot disk size i want to keep it as 10 gigabytes as we

i want to keep it as 10 gigabytes as we don't really need 100 gigabytes for what

don't really need 100 gigabytes for what we're doing here and you also have the

we're doing here and you also have the option of choosing from a different boot

option of choosing from a different boot disk type you can change it from

disk type you can change it from standard persistent disk to ssd but i'm

standard persistent disk to ssd but i'm going to keep things as standard as well

going to keep things as standard as well i also have the option here to use

i also have the option here to use customer manage keys for encryption on

customer manage keys for encryption on my boot disk as well as selecting from

my boot disk as well as selecting from preemptable nodes for some cost savings

preemptable nodes for some cost savings and so i'm going to now move down to

and so i'm going to now move down to networking and here if i wanted to get

networking and here if i wanted to get really granular i can add a maximum pods

really granular i can add a maximum pods per node as well as some network tags

per node as well as some network tags but our demo doesn't require this so i'm

but our demo doesn't require this so i'm going to leave it as is and i'm going to

going to leave it as is and i'm going to go back over to the left hand menu and

go back over to the left hand menu and click on security and under node

click on security and under node security you have the option of changing

security you have the option of changing your service account along with the

your service account along with the access scopes and so for this demo we

access scopes and so for this demo we can keep things as the default service

can keep things as the default service account and the access scopes can be

account and the access scopes can be left as is i'm going to go back over to

left as is i'm going to go back over to the left hand menu and click on metadata

the left hand menu and click on metadata and here i can add kubernetes labels as

and here i can add kubernetes labels as well as the instance metadata and so i

well as the instance metadata and so i know i didn't get into node taints but

know i didn't get into node taints but just to fill you in on no taints when

just to fill you in on no taints when you submit a workload to run in a

you submit a workload to run in a cluster the scheduler determines where

cluster the scheduler determines where to place the pods associated with the

to place the pods associated with the workload and so the scheduler will place

workload and so the scheduler will place a pod on any node that satisfies the

a pod on any node that satisfies the resource requirements for that workload

resource requirements for that workload so no taints will give you some more

so no taints will give you some more control over which workloads can run on

control over which workloads can run on a particular pool of nodes and so they

a particular pool of nodes and so they let you mark a node so that the

let you mark a node so that the scheduler avoids or prevents using it

scheduler avoids or prevents using it for certain pods so for instance if you

for certain pods so for instance if you had a node pool that is dedicated to

had a node pool that is dedicated to gpus you'd want to keep that node pool

gpus you'd want to keep that node pool specifically for the workload that

specifically for the workload that requires it and although it is in beta

requires it and although it is in beta this is a great feature to have and so

this is a great feature to have and so that pretty much covers no pools as we

that pretty much covers no pools as we see it here and so this is the end of

see it here and so this is the end of part one of this demo it was getting a

part one of this demo it was getting a bit long so i decided to break it up

bit long so i decided to break it up this would be a great opportunity for

this would be a great opportunity for you to get up and have a stretch get

you to get up and have a stretch get yourself a coffee or a tea and whenever

yourself a coffee or a tea and whenever you're ready part two will be starting

you're ready part two will be starting immediately from the end of part one so

immediately from the end of part one so you can now mark this as complete and

you can now mark this as complete and i'll see you in the next one

i'll see you in the next one [Music]

[Music] this is part two of creating a gke

this is part two of creating a gke cluster part 2 will be starting

cluster part 2 will be starting immediately from the end of part 1. so

immediately from the end of part 1. so with that being said let's dive in and

with that being said let's dive in and so i'm going to go back over to the left

so i'm going to go back over to the left hand menu and under cluster i'm going to

hand menu and under cluster i'm going to click on automation and here i have the

click on automation and here i have the option of enabling a maintenance window

option of enabling a maintenance window for aligning times when auto upgrades

for aligning times when auto upgrades are allowed i have the option of adding

are allowed i have the option of adding the window here and i can do it at

the window here and i can do it at specified times during the week or i can

specified times during the week or i can create a custom maintenance window and

create a custom maintenance window and so we don't need a maintenance window

so we don't need a maintenance window right now so i'm going to uncheck this

right now so i'm going to uncheck this and as well you have the option of doing

and as well you have the option of doing maintenance exclusions for when you

maintenance exclusions for when you don't want maintenance to occur ngk

don't want maintenance to occur ngk gives you the option of doing multiple

gives you the option of doing multiple maintenance exclusions for whenever you

maintenance exclusions for whenever you need them and because we don't need any

need them and because we don't need any maintenance exclusions i'm going to

maintenance exclusions i'm going to delete these and here you have the

delete these and here you have the option to enable vertical pod auto

option to enable vertical pod auto scaling and this is where gke will

scaling and this is where gke will automatically schedule pods onto other

automatically schedule pods onto other nodes that satisfy the resources

nodes that satisfy the resources required for that workload as well here

required for that workload as well here i can enable my node auto provisioning

i can enable my node auto provisioning and enabling this option allows gke to

and enabling this option allows gke to automatically manage a set of node pools

automatically manage a set of node pools that can be created and deleted as

that can be created and deleted as needed and i have a bunch of fields that

needed and i have a bunch of fields that i can choose from the resource type the

i can choose from the resource type the minimum and maximum for cpu and memory

minimum and maximum for cpu and memory the service account

the service account as well as adding even more resources

as well as adding even more resources like gpus but our workload doesn't

like gpus but our workload doesn't require anything this fancy so i'm going

require anything this fancy so i'm going to delete this and i'm going to uncheck

to delete this and i'm going to uncheck enable auto provisioning and lastly we

enable auto provisioning and lastly we have the auto scaling profile and i have

have the auto scaling profile and i have the option from choosing the balance

the option from choosing the balance profile which is the default as well as

profile which is the default as well as the optimize utilization which is still

the optimize utilization which is still in beta and so i'm going to keep things

in beta and so i'm going to keep things as the default and i'm going to move

as the default and i'm going to move back on over to the left hand menu over

back on over to the left hand menu over to networking and so here i can get

to networking and so here i can get really granular with my cluster when it

really granular with my cluster when it comes to networking i have the option of

comes to networking i have the option of choosing from a public or a private

choosing from a public or a private cluster as well i can choose from a

cluster as well i can choose from a different network and since we only have

different network and since we only have the default that's what shows up but if

the default that's what shows up but if you had different networks here you can

you had different networks here you can choose from them as well as the subnets

choose from them as well as the subnets i can also choose from other networking

i can also choose from other networking options like pod address range maximum

options like pod address range maximum pods per node and there's a bunch of

pods per node and there's a bunch of other options which i won't get into any

other options which i won't get into any detail with but i encourage you if

detail with but i encourage you if you're very curious to go through the

you're very curious to go through the docs and to check out these different

docs and to check out these different options now the one thing that i wanted

options now the one thing that i wanted to note here is the enable http low

to note here is the enable http low balancing and this is a add-on that is

balancing and this is a add-on that is required in order to use google cloud

required in order to use google cloud load balancer and so as we discussed

load balancer and so as we discussed previously in the services lesson when

previously in the services lesson when you enable service type load balancer a

you enable service type load balancer a load balancer will be created for you by

load balancer will be created for you by the cloud provider and so google

the cloud provider and so google requires you to check this off so that a

requires you to check this off so that a controller can be installed in the

controller can be installed in the cluster upon creation and will allow a

cluster upon creation and will allow a load balancer to be created when the

load balancer to be created when the service is created and so i'm going to

service is created and so i'm going to leave this checked as we will be

leave this checked as we will be deploying a load balancer a little bit

deploying a load balancer a little bit later and so moving back over to the

later and so moving back over to the left hand menu i'm going to now click on

left hand menu i'm going to now click on security and there are many options here

security and there are many options here to choose from that will allow you to

to choose from that will allow you to really lock down your cluster and again

really lock down your cluster and again this would all depend on your specific

this would all depend on your specific type of workload now i'm not going to go

type of workload now i'm not going to go through all these options here but i did

through all these options here but i did want to highlight it for those who are

want to highlight it for those who are looking to be more security focused with

looking to be more security focused with your cluster and so moving down the list

your cluster and so moving down the list in the menu i'm going to click on

in the menu i'm going to click on metadata and so here i can enter a

metadata and so here i can enter a description for my cluster as well as

description for my cluster as well as adding labels and so the last option on

adding labels and so the last option on the cluster menu is features and here i

the cluster menu is features and here i have the option of running cloud run for

have the option of running cloud run for anthos which will allow you to deploy

anthos which will allow you to deploy serverless workloads to anthos clusters

serverless workloads to anthos clusters and runs on top of gke and here you can

and runs on top of gke and here you can enable monitoring for gke and have it be

enable monitoring for gke and have it be natively monitored by google cloud

natively monitored by google cloud monitoring and if i was running a

monitoring and if i was running a third-party product to monitor my

third-party product to monitor my cluster i can simply uncheck this and

cluster i can simply uncheck this and use my third-party monitoring and

use my third-party monitoring and there's a whole bunch of other features

there's a whole bunch of other features that i won't dive into right now but if

that i won't dive into right now but if you're curious you can always hover over

you're curious you can always hover over the question mark and get some more

the question mark and get some more information about what it does and so

information about what it does and so now i've pretty much covered all the

now i've pretty much covered all the configuration that's needed for this

configuration that's needed for this cluster and so now i'm going to finally

cluster and so now i'm going to finally head down to the bottom and click on

head down to the bottom and click on create and so it may take a few minutes

create and so it may take a few minutes to create this cluster so i'm going to

to create this cluster so i'm going to go ahead and pause this video here and

go ahead and pause this video here and i'll be back faster than you can say cat

i'll be back faster than you can say cat in the hat okay and the cluster has been

in the hat okay and the cluster has been created as you can see it's in the

created as you can see it's in the location of us east 1b with three nodes

location of us east 1b with three nodes six vcpus and three gigabytes of memory

six vcpus and three gigabytes of memory and i can drill down and see exactly the

and i can drill down and see exactly the details of the cluster as well if i

details of the cluster as well if i wanted to edit any of these options i

wanted to edit any of these options i can simply go up to the top click on

can simply go up to the top click on edit and make the necessary changes and

edit and make the necessary changes and so now you're probably wondering what

so now you're probably wondering what will i need to do in order to create

will i need to do in order to create this cluster through the command line

this cluster through the command line well it's a bit simpler than what you

well it's a bit simpler than what you think and i'm going to show you right

think and i'm going to show you right now i'm going to simply go over to the

now i'm going to simply go over to the right hand menu and activate cloud shell

right hand menu and activate cloud shell and bring this up for better viewing and

and bring this up for better viewing and i'm going to paste in my command gcloud

i'm going to paste in my command gcloud container clusters create bow tie dash

container clusters create bow tie dash cluster with the flag num nodes and the

cluster with the flag num nodes and the number of nodes that i choose which is

number of nodes that i choose which is three and so like i said before if i

three and so like i said before if i wanted to simply create a simple cluster

wanted to simply create a simple cluster i can do so like this but if i wanted to

i can do so like this but if i wanted to create the cluster exactly how i built

create the cluster exactly how i built my last cluster then i can use this

my last cluster then i can use this command which has all the necessary

command which has all the necessary flags that i need to make it customize

flags that i need to make it customize to my liking a not so very exciting

to my liking a not so very exciting demonstration but at the same time shows

demonstration but at the same time shows you how easy yet powerful gke really is

you how easy yet powerful gke really is and so i'm not going to launch this

and so i'm not going to launch this cluster as i already have one and so now

cluster as i already have one and so now i wanted to show you how to interact

i wanted to show you how to interact with your new gke cluster so i'm going

with your new gke cluster so i'm going to simply clear my screen and so now in

to simply clear my screen and so now in order for me to interact with my cluster

order for me to interact with my cluster i'm going to be using the cube ctl

i'm going to be using the cube ctl command line tool and this is the tool

command line tool and this is the tool that is used to interact with any

that is used to interact with any kubernetes cluster no matter the

kubernetes cluster no matter the platform now i could use the gcloud

platform now i could use the gcloud container commands but they won't allow

container commands but they won't allow me to get very granular as the cubectl

me to get very granular as the cubectl tool and so a caveat of creating your

tool and so a caveat of creating your cluster through the console is that you

cluster through the console is that you need to run a command in order to

need to run a command in order to retrieve the cluster's credentials and

retrieve the cluster's credentials and configure the cubectl command line tool

configure the cubectl command line tool and i'm going to go ahead and paste that

and i'm going to go ahead and paste that in now and the command is gcloud

in now and the command is gcloud container clusters get dash credentials

container clusters get dash credentials and the name of my cluster which is bow

and the name of my cluster which is bow tie dash cluster along with the zone

tie dash cluster along with the zone flag dash dash zone followed by the zone

flag dash dash zone followed by the zone itself which is us east 1b i'm going to

itself which is us east 1b i'm going to go ahead and hit enter and as you can

go ahead and hit enter and as you can see cubectl has now been configured and

see cubectl has now been configured and so now i'm able to interact with my

so now i'm able to interact with my cluster so just to verify i'm going to

cluster so just to verify i'm going to run the command cubectl

run the command cubectl getpods and naturally as no workloads

getpods and naturally as no workloads are currently deployed in the cluster

are currently deployed in the cluster there are no pods so i'm going to run

there are no pods so i'm going to run the command cube ctl get nodes

the command cube ctl get nodes and as you can see the cubectl command

and as you can see the cubectl command line tool is configured correctly and so

line tool is configured correctly and so now this cluster is ready to have

now this cluster is ready to have workloads deployed to it and is also

workloads deployed to it and is also configured with the cubectl command line

configured with the cubectl command line tool so that you're able to manage the

tool so that you're able to manage the cluster and troubleshoot if necessary

cluster and troubleshoot if necessary now i know that there has been a ton of

now i know that there has been a ton of features that i covered but i wanted to

features that i covered but i wanted to give you the full walkthrough so that

give you the full walkthrough so that you are able to tie in some of the

you are able to tie in some of the theory from the last few lessons and get

theory from the last few lessons and get a feel for the gke cluster as we will be

a feel for the gke cluster as we will be getting more involved with it over the

getting more involved with it over the next couple of demos and so that's

next couple of demos and so that's pretty much all i wanted to cover when

pretty much all i wanted to cover when it comes to creating and setting up a

it comes to creating and setting up a gke cluster so you can now mark this as

gke cluster so you can now mark this as complete and whenever you're ready join

complete and whenever you're ready join me in the console in the next one where

me in the console in the next one where you will be building your box a bow ties

you will be building your box a bow ties container to deploy to your new cluster

container to deploy to your new cluster but if you are not planning to go

but if you are not planning to go straight into the next demo i do

straight into the next demo i do recommend that you delete your cluster

recommend that you delete your cluster to avoid any unnecessary costs and

to avoid any unnecessary costs and recreate it when you are ready to go

recreate it when you are ready to go into the next demo

into the next demo [Music]

[Music] welcome back now in the last lesson you

welcome back now in the last lesson you built a custom gke cluster and

built a custom gke cluster and configured the cube ctl command line

configured the cube ctl command line tool to interact with the cluster in

tool to interact with the cluster in this lesson you're going to be building

this lesson you're going to be building a docker image for a box of bow ties

a docker image for a box of bow ties using cloud build which will then be

using cloud build which will then be pushed over to google cloud container

pushed over to google cloud container registry so that you can deploy it to

registry so that you can deploy it to your current gke cluster and so as you

your current gke cluster and so as you can see there's a lot to do here so with

can see there's a lot to do here so with that being said let's dive in so now the

that being said let's dive in so now the first thing that you want to do is to

first thing that you want to do is to clone your repo within cloud shell so

clone your repo within cloud shell so you can run the necessary commands to

you can run the necessary commands to build your image so i'm going to go up

build your image so i'm going to go up here to the top right and i'm going to

here to the top right and i'm going to open up cloud shell i'm going to make

open up cloud shell i'm going to make sure that i'm in my home directory so

sure that i'm in my home directory so i'm going to run the command cd space

i'm going to run the command cd space tilde

tilde hit enter and i'm in my home directory

hit enter and i'm in my home directory if i run the command ls i can see that i

if i run the command ls i can see that i only have cloud shell.txt and so now i'm

only have cloud shell.txt and so now i'm going to clone my github repository and

going to clone my github repository and i'll have a link in the instructions in

i'll have a link in the instructions in the github repo as well as having it in

the github repo as well as having it in the lesson text below and so the command

the lesson text below and so the command would be git clone along with the https

would be git clone along with the https address of the github repo and i'm going

address of the github repo and i'm going to hit enter

to hit enter and it's finished cloning my repo i'm

and it's finished cloning my repo i'm going to quickly clear my screen

going to quickly clear my screen and i'm going to run the command ls and

and i'm going to run the command ls and i can see my repo here and now i'm going

i can see my repo here and now i'm going to drill down into the directory by

to drill down into the directory by running cd google cloud associate cloud

running cd google cloud associate cloud engineer if i run an ls i can see all my

engineer if i run an ls i can see all my clone files and folders and so now the

clone files and folders and so now the files that we need are going to be found

files that we need are going to be found in the box of bowties folder under

in the box of bowties folder under kubernetes engine and containers so i'm

kubernetes engine and containers so i'm going to change directories to that

going to change directories to that location and run ls and under box of bow

location and run ls and under box of bow ties is a folder called container which

ties is a folder called container which will have all the necessary files that

will have all the necessary files that you need in order to build your image we

you need in order to build your image we have the jpeg for box of bow ties we

have the jpeg for box of bow ties we have the docker file and we have our

have the docker file and we have our index.html and so these are the three

index.html and so these are the three files that we need in order to build the

files that we need in order to build the image and so as i said before we are

image and so as i said before we are going to be using a tool called cloud

going to be using a tool called cloud build which we have not discussed yet

build which we have not discussed yet cloudbuild is a serverless ci cd

cloudbuild is a serverless ci cd platform that allows me to package

platform that allows me to package source code into containers and you can

source code into containers and you can get really fancy with cloud build but

get really fancy with cloud build but we're not going to be setting up any ci

we're not going to be setting up any ci cd pipelines we're merely using cloud

cd pipelines we're merely using cloud build to build our image and to push it

build to build our image and to push it out to container registry as well

out to container registry as well container registry is google cloud's

container registry is google cloud's private docker repository where you can

private docker repository where you can manage your docker images and integrates

manage your docker images and integrates with cloud build gke app engine cloud

with cloud build gke app engine cloud functions

functions and other repos like github or bitbucket

and other repos like github or bitbucket and it allows for an amazing build

and it allows for an amazing build experience with absolutely no heavy

experience with absolutely no heavy lifting and because you're able to build

lifting and because you're able to build images without having to leave google

images without having to leave google cloud i figured that this would be a

cloud i figured that this would be a great time to highlight these services

great time to highlight these services so getting back to it we've cloned the

so getting back to it we've cloned the repo and so we have our files here in

repo and so we have our files here in cloud shell and so what you want to do

cloud shell and so what you want to do now is you want to make sure the cloud

now is you want to make sure the cloud build api has been enabled as this is a

build api has been enabled as this is a service that we haven't used before now

service that we haven't used before now we can go through the console and enable

we can go through the console and enable the api there but i'm going to run it

the api there but i'm going to run it here from cloud shell and i'm going to

here from cloud shell and i'm going to paste in the command gcloud services

paste in the command gcloud services enable cloudbuild.googleapis.com

enable cloudbuild.googleapis.com i'm going to hit enter and you should

i'm going to hit enter and you should get a prompt asking you to authorize the

get a prompt asking you to authorize the api call you definitely want to

api call you definitely want to authorize

authorize should take a few seconds all right and

should take a few seconds all right and the api has been enabled for cloud build

the api has been enabled for cloud build so now i'm going to quickly clear my

so now i'm going to quickly clear my screen and so because i want to show you

screen and so because i want to show you exactly what cloud build is doing i want

exactly what cloud build is doing i want to head on over there through the

to head on over there through the console and so i'm going to go over to

console and so i'm going to go over to the navigation menu and i'm going to

the navigation menu and i'm going to scroll down to tools until you come to

scroll down to tools until you come to cloud build

cloud build and as expected there is nothing here in

and as expected there is nothing here in the build history as well not a lot here

the build history as well not a lot here to interact with and so now you're going

to interact with and so now you're going to run the command that builds the image

to run the command that builds the image and so you're going to paste that

and so you're going to paste that command into the cloud shell which is

command into the cloud shell which is gcloud builds submit dash dash tag

gcloud builds submit dash dash tag gcr.io which is the google cloud

gcr.io which is the google cloud container registry our variable for our

container registry our variable for our google cloud project along with the

google cloud project along with the image name of box bow ties version 1.0.0

image name of box bow ties version 1.0.0 and please don't forget the trailing dot

and please don't forget the trailing dot at the end i'm going to go ahead and hit

at the end i'm going to go ahead and hit enter cloud build will now compress the

enter cloud build will now compress the files and move them to a cloud storage

files and move them to a cloud storage bucket and then cloud build takes those

bucket and then cloud build takes those files from the bucket and uses the

files from the bucket and uses the docker file to execute the docker build

docker file to execute the docker build process and so i'm going to pause the

process and so i'm going to pause the video here till the build completes and

video here till the build completes and i'll be back in a flash okay and the

i'll be back in a flash okay and the image is complete and is now showing up

image is complete and is now showing up in the build history in the cloud build

in the build history in the cloud build dashboard and so if i want to drill down

dashboard and so if i want to drill down into the actual build right beside the

into the actual build right beside the green check mark you will see the hot

green check mark you will see the hot link so you can just simply click on

link so you can just simply click on that and here you will see a build

that and here you will see a build summary with the build log

summary with the build log the execution details along with the

the execution details along with the build artifacts and as well the

build artifacts and as well the compressed files are stored in cloud

compressed files are stored in cloud storage and it has a hot link right here

storage and it has a hot link right here if i wanted to download the build log i

if i wanted to download the build log i can do so here and i conveniently have a

can do so here and i conveniently have a hot link to the image of box of bow ties

hot link to the image of box of bow ties and this will bring me to my container

and this will bring me to my container registry so you can go ahead and click

registry so you can go ahead and click on the link

on the link it should open up another tab and bring

it should open up another tab and bring you right to the page of the image that

you right to the page of the image that covers a lot of its details now the

covers a lot of its details now the great thing i love about container

great thing i love about container registry is again it's so tightly

registry is again it's so tightly coupled with a lot of the other

coupled with a lot of the other resources within google cloud that i am

resources within google cloud that i am able to simply deploy right from here

able to simply deploy right from here and i can deploy to cloud run to gke as

and i can deploy to cloud run to gke as well as compute engine now i could

well as compute engine now i could simply deploy this image right from here

simply deploy this image right from here but i wanted to do it from gke so i'm

but i wanted to do it from gke so i'm going to go back over to gke in the

going to go back over to gke in the other tab i'm going to go to the

other tab i'm going to go to the navigation menu go down to kubernetes

navigation menu go down to kubernetes engine

engine and i'm going to go up to the top menu

and i'm going to go up to the top menu and click on deploy it's going to ask

and click on deploy it's going to ask for the image you want to deploy and you

for the image you want to deploy and you want to click on select to select a new

want to click on select to select a new container image and you should have a

container image and you should have a menu pop up from the right hand side of

menu pop up from the right hand side of your screen and under container registry

your screen and under container registry you should see box of bow ties you can

you should see box of bow ties you can expand the node here and simply click on

expand the node here and simply click on the image and then hit select

the image and then hit select and so now the container image has been

and so now the container image has been populated into my image path and you

populated into my image path and you want to scroll down and if i wanted to i

want to scroll down and if i wanted to i could add another container and even add

could add another container and even add some environment variables and so we're

some environment variables and so we're not looking to do that right now so you

not looking to do that right now so you can simply click on continue and you're

can simply click on continue and you're going to be prompted with some fields to

going to be prompted with some fields to fill out for your configuration on your

fill out for your configuration on your deployment and so the application name

deployment and so the application name is going to be called box of bow ties

is going to be called box of bow ties i'm going to keep it in the default

i'm going to keep it in the default namespace as well i'm going to keep the

namespace as well i'm going to keep the key value pair as app box of bow ties

key value pair as app box of bow ties for my labels and because this

for my labels and because this configuration will create a deployment

configuration will create a deployment file for me you can always have a look

file for me you can always have a look at the manifest by clicking on the view

at the manifest by clicking on the view yaml button before it's deployed and

yaml button before it's deployed and this is always good practice before you

this is always good practice before you deploy any workload so as you can see

deploy any workload so as you can see here at the top i have the kind as

here at the top i have the kind as deployment the name as well as the

deployment the name as well as the namespace my labels

namespace my labels replicas of three as well as my selector

replicas of three as well as my selector and my spec down here at the bottom as

and my spec down here at the bottom as well this manifest also holds another

well this manifest also holds another kind

kind of horizontal pod auto scaler and is

of horizontal pod auto scaler and is coupled with the deployment in this

coupled with the deployment in this manifest due to the reference of the

manifest due to the reference of the deployment itself and so it's always

deployment itself and so it's always common practice to try and group the

common practice to try and group the manifest together whenever you can and

manifest together whenever you can and so this is a really cool feature to take

so this is a really cool feature to take advantage of on gke so i'm going to

advantage of on gke so i'm going to close this now and i'm actually going to

close this now and i'm actually going to close cloud shell as i don't need it

close cloud shell as i don't need it right now as well you can see here that

right now as well you can see here that it's going to deploy to my kubernetes

it's going to deploy to my kubernetes cluster of bow tie cluster in us east 1b

cluster of bow tie cluster in us east 1b and if i wanted to i can deploy it to a

and if i wanted to i can deploy it to a new cluster and if i had any other

new cluster and if i had any other clusters in my environment they would

clusters in my environment they would show up here and i'd be able to select

show up here and i'd be able to select from them as well but bow tie cluster is

from them as well but bow tie cluster is the only one that i have and so now that

the only one that i have and so now that you've completed your configuration for

you've completed your configuration for your deployment you can simply click on

your deployment you can simply click on deploy this is just going to take a

deploy this is just going to take a couple minutes so i'm just going to

couple minutes so i'm just going to pause the video here and i'll be back as

pause the video here and i'll be back as soon as the deployment is done okay the

soon as the deployment is done okay the workload has been deployed and i got

workload has been deployed and i got some default messages that popped up i

some default messages that popped up i can set an automated pipeline for this

can set an automated pipeline for this workload but we're not going to do that

workload but we're not going to do that for this demo but feel free to try it on

for this demo but feel free to try it on your own later if you'd like and we will

your own later if you'd like and we will want to expose our service as we want to

want to expose our service as we want to see if it's up and running and we're

see if it's up and running and we're going to take care of that in just a bit

going to take care of that in just a bit and so if i scroll through some of the

and so if i scroll through some of the details here i can see that i have some

details here i can see that i have some metrics here for cpu memory and disk the

metrics here for cpu memory and disk the cluster

cluster namespace

namespace labels and all the pods that it's

labels and all the pods that it's running on basically a live visual

running on basically a live visual representation of my deployment if i

representation of my deployment if i scroll back up to the top i can dive

scroll back up to the top i can dive into some details events

into some details events and even my manifest i can also copy my

and even my manifest i can also copy my manifest and download it if i'd like so

manifest and download it if i'd like so as you can see a lot of different

as you can see a lot of different options and so now i want to verify my

options and so now i want to verify my deployment and so i'm going to use the

deployment and so i'm going to use the cube ctl command line tool to run some

cube ctl command line tool to run some commands to verify the information so

commands to verify the information so i'm going to open back up my cloud shell

i'm going to open back up my cloud shell and make this a little bit bigger for

and make this a little bit bigger for better viewing and i'm going to run the

better viewing and i'm going to run the command cubectl get all

command cubectl get all and as you can see here i have a list of

and as you can see here i have a list of all the pods that are running the name

all the pods that are running the name of the service the deployment the

of the service the deployment the replica set everything about my cluster

replica set everything about my cluster and my deployment and you should be

and my deployment and you should be seeing the same when running this

seeing the same when running this command and so next you want to pull up

command and so next you want to pull up the details on your deployments in the

the details on your deployments in the cluster and so the command for that is

cluster and so the command for that is cube ctl get deployments and it came out

cube ctl get deployments and it came out kind of crammed at the bottom so i'm

kind of crammed at the bottom so i'm going to simply clear my screen and run

going to simply clear my screen and run that command again

that command again and as you can see the box of bowties

and as you can see the box of bowties deployment is displayed how many

deployment is displayed how many replicas that are available how many of

replicas that are available how many of those replicas achieve their desired

those replicas achieve their desired state and along with how long the

state and along with how long the application has been running and so now

application has been running and so now i want to dive into my pods and in order

i want to dive into my pods and in order to do that i'm going to run the command

to do that i'm going to run the command cube ctl get pods and here i can see all

cube ctl get pods and here i can see all my pods now if i wanted to look at a

my pods now if i wanted to look at a list of events

list of events for a specific pod the command for that

for a specific pod the command for that would be cubectl describe pod and then

would be cubectl describe pod and then the name of one of the pods so i'm going

the name of one of the pods so i'm going to pick this first one copy that i'm

to pick this first one copy that i'm going to paste it and i'm going to hit

going to paste it and i'm going to hit enter and here i can see all the events

enter and here i can see all the events that have occurred for this pod as well

that have occurred for this pod as well i also have access to some other

i also have access to some other information with regards to volumes

information with regards to volumes conditions and even the container and

conditions and even the container and image ids and this is a great command to

image ids and this is a great command to use for when you're troubleshooting your

use for when you're troubleshooting your pods and you're trying to get to the

pods and you're trying to get to the bottom of a problem and so now the final

bottom of a problem and so now the final step that you want to do is you want to

step that you want to do is you want to be able to expose your application so

be able to expose your application so you can check to see if it's running

you can check to see if it's running properly and so we're going to go ahead

properly and so we're going to go ahead and do that through the console so i'm

and do that through the console so i'm going to close down cloud shell and i'm

going to close down cloud shell and i'm going to go to overview and scroll down

going to go to overview and scroll down to the bottom click on the button that

to the bottom click on the button that says expose and if i wanted to i can do

says expose and if i wanted to i can do it from up here in the top right hand

it from up here in the top right hand corner where it says expose deployment

corner where it says expose deployment so i'm going to click on expose and this

so i'm going to click on expose and this probably looks very familiar to you as

probably looks very familiar to you as this is a graphical representation of

this is a graphical representation of the services manifest and so the port

the services manifest and so the port mapping here will cover the ports

mapping here will cover the ports configuration of the services manifest

configuration of the services manifest starting here with port target port as

starting here with port target port as well as protocol for target port i'm

well as protocol for target port i'm going to open up port 80. here under

going to open up port 80. here under service type you have the option of

service type you have the option of selecting cluster ip

selecting cluster ip node port or load balancer and the

node port or load balancer and the service type you want to use is going to

service type you want to use is going to be low balancer and we can keep the

be low balancer and we can keep the service name as box of bowties service

service name as box of bowties service and again you can view the manifest file

and again you can view the manifest file for this service and you can copy or

for this service and you can copy or download it if you need to but we don't

download it if you need to but we don't need this right now so i'm going to

need this right now so i'm going to close it in a pretty simple process

close it in a pretty simple process so all i need to do is click on expose

so all i need to do is click on expose and within a minute or two you should

and within a minute or two you should have your service up and running with

have your service up and running with your shiny new low balancer okay and the

your shiny new low balancer okay and the service has been created and as you can

service has been created and as you can see we're under the services and ingress

see we're under the services and ingress from the left hand menu and if i go back

from the left hand menu and if i go back to the main page of services in ingress

to the main page of services in ingress you can see that box a bow tie service

you can see that box a bow tie service is the only one that's here i also have

is the only one that's here i also have the option of creating a service type

the option of creating a service type ingress but we don't want to do that

ingress but we don't want to do that right now so i'm going to go back to

right now so i'm going to go back to services and here you will see your

services and here you will see your endpoint and this is the hot link that

endpoint and this is the hot link that should bring you to your application so

should bring you to your application so you can click on it now you'll get a

you can click on it now you'll get a redirect notice as it is only http and

redirect notice as it is only http and not https so it's safe to click on it so

not https so it's safe to click on it so i'm going to click on it now and success

i'm going to click on it now and success and here is your box of bow ties

and here is your box of bow ties what were you expecting and so i wanted

what were you expecting and so i wanted to congratulate you on deploying your

to congratulate you on deploying your first application box of bow ties on

first application box of bow ties on your gke cluster and so just as a recap

your gke cluster and so just as a recap you've cloned your repo into your cloud

you've cloned your repo into your cloud shell environment you then built a

shell environment you then built a container image using cloud build and

container image using cloud build and pushed the image to container registry

pushed the image to container registry you then created a deployment using this

you then created a deployment using this image and verified the deployment using

image and verified the deployment using the cube ctl command line tool you then

the cube ctl command line tool you then launched a service of type low balancer

launched a service of type low balancer to expose your application and verified

to expose your application and verified that your application was working so

that your application was working so fantastic job on your part and that's

fantastic job on your part and that's pretty much all i wanted to cover in

pretty much all i wanted to cover in this part of the demo

this part of the demo so you can now mark this as complete and

so you can now mark this as complete and whenever you're ready join me in the

whenever you're ready join me in the console for the next part of the demo

console for the next part of the demo where you will manage your workload on

where you will manage your workload on the gke cluster so please be aware of

the gke cluster so please be aware of the charges incurred on your currently

the charges incurred on your currently deployed cluster if you plan to do the

deployed cluster if you plan to do the next demo at a later date again you can

next demo at a later date again you can mark this as complete and i'll see you

mark this as complete and i'll see you in the next

welcome back in the last couple of demo lessons you built a custom gke cluster

lessons you built a custom gke cluster and deployed the box of bowties

and deployed the box of bowties application in this lesson you will be

application in this lesson you will be interacting with this workload on gke by

interacting with this workload on gke by scaling the application editing your

scaling the application editing your application and rebuilding your docker

application and rebuilding your docker image so you can do a rolling update to

image so you can do a rolling update to the current workload in your cluster now

the current workload in your cluster now there's a lot to do here so with that

there's a lot to do here so with that being said let's dive in so continuing

being said let's dive in so continuing where we left off you currently have

where we left off you currently have your box of bow ties workload deployed

your box of bow ties workload deployed on your gke cluster and so the first

on your gke cluster and so the first thing you want to do is scale your

thing you want to do is scale your deployment and you are looking to scale

deployment and you are looking to scale down your cluster to one pod and then

down your cluster to one pod and then back up again to three and this is just

back up again to three and this is just to simulate scaling your workload so

to simulate scaling your workload so whether it be ten pods or one the action

whether it be ten pods or one the action is still the same so now we can easily

is still the same so now we can easily do it through the console by drilling

do it through the console by drilling down into the box of bowties workload

down into the box of bowties workload going up to the top menu and clicking on

going up to the top menu and clicking on actions and clicking on scale and here i

actions and clicking on scale and here i can indicate how many replicas i'd like

can indicate how many replicas i'd like and scale it accordingly and so i wanted

and scale it accordingly and so i wanted to do this using the command line so i'm

to do this using the command line so i'm going to cancel out of here and then i'm

going to cancel out of here and then i'm going to open up cloud shell instead

going to open up cloud shell instead okay and now that you have cloud shell

okay and now that you have cloud shell open up you want to run the command cube

open up you want to run the command cube ctl get pods to show the currently

ctl get pods to show the currently running available pods for the box of

running available pods for the box of bowties workload and you may get a

bowties workload and you may get a pop-up asking you to authorize the api

pop-up asking you to authorize the api call using your credentials and you

call using your credentials and you definitely want to authorize and here

definitely want to authorize and here you will get a list of all the pods that

you will get a list of all the pods that are running your box of bow ties

are running your box of bow ties workload and so now since you want to

workload and so now since you want to scale your replicas down to one you can

scale your replicas down to one you can run this command cube ctl scale

run this command cube ctl scale deployment and your workload which is

deployment and your workload which is box of bowties dash dash replicas is

box of bowties dash dash replicas is equal to one you can hit enter and it is

equal to one you can hit enter and it is now scaled

now scaled and in order to verify that i'm going to

and in order to verify that i'm going to run cube ctl get pods and notice that

run cube ctl get pods and notice that there is only one pod running with my

there is only one pod running with my box of bow ties workload and in order

box of bow ties workload and in order for me to scale my deployment back up to

for me to scale my deployment back up to three replicas i can simply run the same

three replicas i can simply run the same command but change the replicas from 1

command but change the replicas from 1 to 3. hit enter it's been scaled i'm

to 3. hit enter it's been scaled i'm going to run cube ctl get pods and

going to run cube ctl get pods and notice that i am now back up to 3

notice that i am now back up to 3 replicas and so as you can see

replicas and so as you can see increasing or decreasing the number of

increasing or decreasing the number of replicas in order to scale your

replicas in order to scale your application is pretty simple to do okay

application is pretty simple to do okay so now that you've learned how to scale

so now that you've learned how to scale your application you're gonna learn how

your application you're gonna learn how to perform a rolling update but in order

to perform a rolling update but in order to do that you need to make changes to

to do that you need to make changes to your application and so what you're

your application and so what you're going to do is edit your application

going to do is edit your application then rebuild your docker image and apply

then rebuild your docker image and apply a rolling update and in order to do that

a rolling update and in order to do that we can stay here in cloud shell as

we can stay here in cloud shell as you're going to edit the file in cloud

you're going to edit the file in cloud shell editor i'm going to first clear my

shell editor i'm going to first clear my screen i'm going to change directory

screen i'm going to change directory into my home directory and now you want

into my home directory and now you want to change directories to your container

to change directories to your container folder where the files are that i need

folder where the files are that i need to edit i'm going to run ls and here's

to edit i'm going to run ls and here's the files that i need and so what you're

the files that i need and so what you're going to do now is edit the

going to do now is edit the index.html file and the easiest way to

index.html file and the easiest way to do that is to simply type in edit

do that is to simply type in edit index.html and hit enter and this will

index.html and hit enter and this will open up your editor so you can edit your

open up your editor so you can edit your index.html file and if you remember when

index.html file and if you remember when we launched our application it looked

we launched our application it looked exactly like this and so instead of what

exactly like this and so instead of what were you expecting we're going to

were you expecting we're going to actually change that text to something a

actually change that text to something a little different and so i'm going to go

little different and so i'm going to go back to the editor in my other tab and

back to the editor in my other tab and where it says what were you expecting

where it says what were you expecting i'm going to actually change this to

i'm going to actually change this to well i could always use something to eat

well i could always use something to eat then i'm going to go back up to the menu

then i'm going to go back up to the menu click on file and click on save and so

click on file and click on save and so now in order for me to deploy this i

now in order for me to deploy this i need to rebuild my container and so i'm

need to rebuild my container and so i'm going to go back to my terminal i'm

going to go back to my terminal i'm going to clear the screen and i'm going

going to clear the screen and i'm going to run the same command that i did the

to run the same command that i did the last time which is gcloud build submit

last time which is gcloud build submit dash dash tag gcr dot io with the

dash dash tag gcr dot io with the variable for your google cloud project

variable for your google cloud project followed by the image box of bowties

followed by the image box of bowties colon

colon 1.0.1 and so this will be a different

1.0.1 and so this will be a different version of the image also don't forget

version of the image also don't forget that trailing dot at the end and you can

that trailing dot at the end and you can hit enter and again this is the process

hit enter and again this is the process where cloud build compresses the files

where cloud build compresses the files moves them to a cloud storage bucket and

moves them to a cloud storage bucket and then takes the files from the bucket and

then takes the files from the bucket and uses the docker file to execute the

uses the docker file to execute the docker build process and this will take

docker build process and this will take a couple minutes so i'm going to pause

a couple minutes so i'm going to pause the video here and i'll be back before

the video here and i'll be back before you can say cat in the hat okay and my

you can say cat in the hat okay and my new image has been created and so i want

new image has been created and so i want to head over to cloud build just to make

to head over to cloud build just to make sure that there are no errors so i'm

sure that there are no errors so i'm going to close down cloud shell because

going to close down cloud shell because i don't need it right now i'm going to

i don't need it right now i'm going to head back up to the navigation menu and

head back up to the navigation menu and scroll down to cloud build and under

scroll down to cloud build and under build history you should see your second

build history you should see your second build and if you drill down into it you

build and if you drill down into it you will see that the build was successful

will see that the build was successful and heading over to build artifacts you

and heading over to build artifacts you should now see your new image as version

should now see your new image as version 1.0.1 and so now i'm going to head over

1.0.1 and so now i'm going to head over to the registry and verify the image

to the registry and verify the image there and it seems like everything looks

there and it seems like everything looks okay so now i'm gonna head back on over

okay so now i'm gonna head back on over to my gke cluster

to my gke cluster i'm gonna go to the navigation menu down

i'm gonna go to the navigation menu down to kubernetes engine and here i'm gonna

to kubernetes engine and here i'm gonna click on workloads i'm gonna select box

click on workloads i'm gonna select box of bowties and up at the top menu you

of bowties and up at the top menu you can click on actions and select a

can click on actions and select a rolling update and here you are prompted

rolling update and here you are prompted with a pop-up where you can enter in

with a pop-up where you can enter in your minimum seconds ready your maximum

your minimum seconds ready your maximum search percentage as well as your

search percentage as well as your maximum unavailable percentage and so

maximum unavailable percentage and so here under container images i am

here under container images i am prompted to enter in the sha-256 hash of

prompted to enter in the sha-256 hash of this docker image now a docker image's

this docker image now a docker image's id is a digest which contains a sha-256

id is a digest which contains a sha-256 hash of the image's configuration and if

hash of the image's configuration and if i go back over to the open tab for

i go back over to the open tab for container registry you can see here the

container registry you can see here the digest details to give you a little bit

digest details to give you a little bit more context along with the sha 256 hash

more context along with the sha 256 hash for the image that i need to deploy and

for the image that i need to deploy and so you can copy this digest by simply

so you can copy this digest by simply clicking on the copy button and then you

clicking on the copy button and then you can head back on over to the gke console

can head back on over to the gke console head over to the container images

head over to the container images highlight the hash and paste in the new

highlight the hash and paste in the new hash and so when you copy it in make

hash and so when you copy it in make sure it's still in the same format of

sure it's still in the same format of gcr dot io forward slash your project

gcr dot io forward slash your project name forward slash box of bow ties the

name forward slash box of bow ties the at symbol followed by the hash and so

at symbol followed by the hash and so once you've done that you can click on

once you've done that you can click on the update button and this will schedule

the update button and this will schedule an update for your application and as

an update for your application and as you can see here at the top it says that

you can see here at the top it says that pods are pending

pods are pending as well if i go down to active revisions

as well if i go down to active revisions you can see here that there is a summary

you can see here that there is a summary and the status that pods are pending and

and the status that pods are pending and so just as a note

so just as a note rolling updates allow the deployments

rolling updates allow the deployments update to take place with zero downtime

update to take place with zero downtime by incrementally updating pods instances

by incrementally updating pods instances with new ones so the pods will be

with new ones so the pods will be scheduled on nodes with available

scheduled on nodes with available resources and if the nodes do not have

resources and if the nodes do not have enough resources the pods will stay in a

enough resources the pods will stay in a pending state but i don't think we're

pending state but i don't think we're going to have any problems with these

going to have any problems with these nodes as this application is very light

nodes as this application is very light in resources and if i open up cloud

in resources and if i open up cloud shell

shell and run a cube ctl get pods command

and run a cube ctl get pods command you will see that new pods have started

you will see that new pods have started and you can tell this by the age of the

and you can tell this by the age of the pod as well if you ran the command keep

pod as well if you ran the command keep ctl describe pod along with the pod name

ctl describe pod along with the pod name you could also see the event logs when

you could also see the event logs when the pod was created and if i close cloud

the pod was created and if i close cloud shell i can see up here at the top of my

shell i can see up here at the top of my deployment details it shows that my

deployment details it shows that my replicas have one updated four ready

replicas have one updated four ready three available and one unavailable and

three available and one unavailable and if i click on refresh i can see now that

if i click on refresh i can see now that my replicas are all updated and

my replicas are all updated and available and so now in order to check

available and so now in order to check your new update you can simply go down

your new update you can simply go down to exposing services and click on the

to exposing services and click on the endpoints link you'll get that redirect

endpoints link you'll get that redirect notice you can simply click on the link

notice you can simply click on the link and because the old site may be cached

and because the old site may be cached in your browser you may have to refresh

in your browser you may have to refresh your web page

your web page and success and you have now completed a

and success and you have now completed a rolling update in gke so i wanted to

rolling update in gke so i wanted to congratulate you on making it to the end

congratulate you on making it to the end of this multi-part demo and hope that

of this multi-part demo and hope that it's been extremely useful in excelling

it's been extremely useful in excelling your knowledge in gke and so just as a

your knowledge in gke and so just as a recap you scaled your application to

recap you scaled your application to accommodate both less and more replicas

accommodate both less and more replicas you edited your application in the cloud

you edited your application in the cloud shell editor and rebuilt your container

shell editor and rebuilt your container image using cloud build you then applied

image using cloud build you then applied the new digest to your rolling update

the new digest to your rolling update and applied that rolling update to your

and applied that rolling update to your deployment while verifying it all in the

deployment while verifying it all in the end fantastic job on your part as this

end fantastic job on your part as this was a pretty complex and long multi-part

was a pretty complex and long multi-part demo and you can expect things like what

demo and you can expect things like what you've experienced in this demo to pop

you've experienced in this demo to pop up in your role of being a cloud

up in your role of being a cloud engineer when dealing with gke and so

engineer when dealing with gke and so that's pretty much all i wanted to cover

that's pretty much all i wanted to cover with this multi-part demo working with

with this multi-part demo working with gke so before you go i wanted to take a

gke so before you go i wanted to take a few moments to delete all the resources

few moments to delete all the resources you've created one by one so i'm going

you've created one by one so i'm going to go up to the top i'm going to close

to go up to the top i'm going to close all my tabs i'm going to head on over to

all my tabs i'm going to head on over to clusters and so i don't want to delete

clusters and so i don't want to delete my cluster just yet but the first thing

my cluster just yet but the first thing that i want to do is delete my container

that i want to do is delete my container images so i'm going to head up to the

images so i'm going to head up to the top and open up cloud shell

top and open up cloud shell and i'm going to use the command gcloud

and i'm going to use the command gcloud container images delete gcr dot io

container images delete gcr dot io forward slash your google cloud project

forward slash your google cloud project variable forward slash along with your

variable forward slash along with your first image of box of bow ties colon

first image of box of bow ties colon 1.0.0

1.0.0 hit enter it's going to prompt you if

hit enter it's going to prompt you if you want to continue you want to hit y

you want to continue you want to hit y for yes and it has now deleted the image

for yes and it has now deleted the image as well you want to delete your latest

as well you want to delete your latest image which is

image which is 1.0.1 so i'm going to change the zero to

1.0.1 so i'm going to change the zero to one hit enter it's going to ask if you

one hit enter it's going to ask if you want to continue yes and so the

want to continue yes and so the container images have now been deleted

container images have now been deleted and so now along with the images you

and so now along with the images you want to delete the artifacts as well and

want to delete the artifacts as well and those are stored in cloud storage so i'm

those are stored in cloud storage so i'm going to close down cloud shell i'm

going to close down cloud shell i'm going to head on up to the navigation

going to head on up to the navigation menu and i'm going to head down to

menu and i'm going to head down to storage and you want to select your

storage and you want to select your bucket that has your project name

bucket that has your project name underscore cloud build select the source

underscore cloud build select the source folder and click on delete and you're

folder and click on delete and you're going to get a prompt asking you to

going to get a prompt asking you to delete the selected folder but in order

delete the selected folder but in order to do this you need to type in the name

to do this you need to type in the name of the folder so i'm going to type it in

of the folder so i'm going to type it in now

now you can click on confirm and so now the

you can click on confirm and so now the folder has been deleted along with the

folder has been deleted along with the artifacts and so now that we've taken

artifacts and so now that we've taken care of the images along with the

care of the images along with the artifacts we need to clean up our gke

artifacts we need to clean up our gke cluster so i'm going to head back on up

cluster so i'm going to head back on up to the navigation menu and i'm going to

to the navigation menu and i'm going to head on over to kubernetes engine and

head on over to kubernetes engine and the first thing that i want to delete is

the first thing that i want to delete is the low balancer so i'm going to head on

the low balancer so i'm going to head on up to services and ingress and you can

up to services and ingress and you can select box of bow tie service and go up

select box of bow tie service and go up to the top and click on delete you're

to the top and click on delete you're going to get a confirmation and you want

going to get a confirmation and you want to click on delete and it's going to

to click on delete and it's going to take a couple minutes you do quick

take a couple minutes you do quick refresh and the service has finally been

refresh and the service has finally been deleted i now want to delete my workload

deleted i now want to delete my workload so i'm going to go over to the left hand

so i'm going to go over to the left hand menu click on workloads select the

menu click on workloads select the workload box of bowties and go up to the

workload box of bowties and go up to the top and click on delete and you want to

top and click on delete and you want to delete all resources including the

delete all resources including the horizontal pod auto scaler so you can

horizontal pod auto scaler so you can simply click on delete and it may take a

simply click on delete and it may take a few minutes to delete gonna go up to the

few minutes to delete gonna go up to the top and hit refresh and my workload has

top and hit refresh and my workload has been deleted and so now all that's left

been deleted and so now all that's left to delete is the gke cluster itself so

to delete is the gke cluster itself so i'm going to go back to clusters so

i'm going to go back to clusters so you're going to select the cluster and

you're going to select the cluster and go up to the top and click on delete and

go up to the top and click on delete and you're going to get a prompt asking you

you're going to get a prompt asking you if you want to delete these storage pods

if you want to delete these storage pods and these are default storage pods that

and these are default storage pods that are installed with the cluster as well

are installed with the cluster as well you can delete the cluster while the

you can delete the cluster while the workload is still in play but i have

workload is still in play but i have this habit of being thorough so i wanted

this habit of being thorough so i wanted to delete the workload before deleting

to delete the workload before deleting the cluster and so you want to go ahead

the cluster and so you want to go ahead and click on delete and so that's pretty

and click on delete and so that's pretty much all i have for this demo

much all i have for this demo and this section on google kubernetes

and this section on google kubernetes engine and again congrats on the great

engine and again congrats on the great job you can now mark this as complete

job you can now mark this as complete and i'll see you in the next one

and i'll see you in the next one [Music]

[Music] welcome back and in this lesson i will

welcome back and in this lesson i will be covering the features of cloud vpn an

be covering the features of cloud vpn an essential service for any engineer to

essential service for any engineer to know about when looking to connect

know about when looking to connect another network to google cloud whether

another network to google cloud whether it be your on-premises network another

it be your on-premises network another cloud provider

cloud provider or even when connecting to vpcs

or even when connecting to vpcs this service is a must know for any

this service is a must know for any engineer and for the exam so with that

engineer and for the exam so with that being said let's dive in

being said let's dive in now cloudvpn securely connects your peer

now cloudvpn securely connects your peer network to your vpc network through an

network to your vpc network through an ipsec vpn connection when i talk about a

ipsec vpn connection when i talk about a peer network this is referring to an

peer network this is referring to an on-premises vpn device or vpn service a

on-premises vpn device or vpn service a vpn gateway hosted by another cloud

vpn gateway hosted by another cloud provider such as aws or azure or another

provider such as aws or azure or another google cloud vpn gateway and so this is

google cloud vpn gateway and so this is an ipsec or encrypted tunnel from your

an ipsec or encrypted tunnel from your peer network to your vpc network that

peer network to your vpc network that traverses the public internet and so for

traverses the public internet and so for those who don't know ipsec being short

those who don't know ipsec being short for internet security protocol and this

for internet security protocol and this is a set of protocols using algorithms

is a set of protocols using algorithms allowing the transport of secure data

allowing the transport of secure data over an ip network ipsec operates at the

over an ip network ipsec operates at the network layer so layer 3 of the osi

network layer so layer 3 of the osi model which allows it to be independent

model which allows it to be independent of any applications although it does

of any applications although it does come with some additional overhead so

come with some additional overhead so please be aware and so when creating

please be aware and so when creating your cloud vpn

your cloud vpn traffic traveling between the two

traffic traveling between the two networks is encrypted by one vpn gateway

networks is encrypted by one vpn gateway and then decrypted by the other vpn

and then decrypted by the other vpn gateway now moving on to some details

gateway now moving on to some details about cloud vpn this is a regional

about cloud vpn this is a regional service and so please take that into

service and so please take that into consideration when connecting your

consideration when connecting your on-premises location to google cloud for

on-premises location to google cloud for the least amount of latency it also

the least amount of latency it also means that if that region were to go

means that if that region were to go down you would lose your connection

down you would lose your connection until the region is back up and running

until the region is back up and running now cloud vpn is also a site-to-site vpn

now cloud vpn is also a site-to-site vpn only and therefore it does not support

only and therefore it does not support site-to-client so this means that if you

site-to-client so this means that if you have a laptop or a computer at home you

have a laptop or a computer at home you cannot use this option with a vpn client

cannot use this option with a vpn client to connect to google cloud cloudvpn can

to connect to google cloud cloudvpn can also be used in conjunction with private

also be used in conjunction with private google access for your on-premises hosts

google access for your on-premises hosts so if you're using private google access

so if you're using private google access within gcp you can simply connect to

within gcp you can simply connect to your data center with vpn and have

your data center with vpn and have access as if you were already in gcp so

access as if you were already in gcp so if you're looking to extend private

if you're looking to extend private google access to your on-premises data

google access to your on-premises data center cloud vpn would be the perfect

center cloud vpn would be the perfect choice and so when it comes to speeds

choice and so when it comes to speeds each cloud vpn tunnel can support up to

each cloud vpn tunnel can support up to three gigabits per second total for

three gigabits per second total for ingress and egress as well routing

ingress and egress as well routing options that are available are both

options that are available are both static and dynamic but are only

static and dynamic but are only available as dynamic for aha vpn and

available as dynamic for aha vpn and lastly cloudvpn supports ik version 1

lastly cloudvpn supports ik version 1 and ike version 2 using shared secret

and ike version 2 using shared secret and for those of you who are unaware ike

and for those of you who are unaware ike stands for internet key exchange and

stands for internet key exchange and this helps establish a secure

this helps establish a secure authenticated communication channel by

authenticated communication channel by using a key exchange algorithm to

using a key exchange algorithm to generate a shared secret key to encrypt

generate a shared secret key to encrypt communications so know that when you

communications so know that when you choose cloudvpn that your connection is

choose cloudvpn that your connection is both private and secure so now there are

both private and secure so now there are two types of vpn options that are

two types of vpn options that are available in google cloud one being the

available in google cloud one being the classic vpn and the other being h a vpn

classic vpn and the other being h a vpn and i'm going to take a moment to go

and i'm going to take a moment to go through the differences now with classic

through the differences now with classic vpn this provides a service level

vpn this provides a service level agreement of 99.9 percent also known as

agreement of 99.9 percent also known as an sla of three nines while h a vpn

an sla of three nines while h a vpn provides a four nines sla when

provides a four nines sla when configured with two interfaces and two

configured with two interfaces and two external ips now when it comes to

external ips now when it comes to routing classic vpn supports both static

routing classic vpn supports both static and dynamic routing whereas havpn

and dynamic routing whereas havpn supports dynamic routing only and this

supports dynamic routing only and this must be done through bgp using cloud

must be done through bgp using cloud router classic vpn gateways have a

router classic vpn gateways have a single interface

single interface and a single external ip address and

and a single external ip address and support tunnels using static routing as

support tunnels using static routing as well as dynamic routing and the static

well as dynamic routing and the static routing can be either route based or

routing can be either route based or policy based whereas with havpn it can

policy based whereas with havpn it can be configured for two interfaces and two

be configured for two interfaces and two external ips for true ha capabilities

external ips for true ha capabilities and as mentioned earlier when it comes

and as mentioned earlier when it comes to routing for havpn dynamic routing is

to routing for havpn dynamic routing is the only available option now the one

the only available option now the one thing about classic vpn is that google

thing about classic vpn is that google cloud is deprecating certain

cloud is deprecating certain functionality on october 31st of 2021

functionality on october 31st of 2021 and is recommending all their customers

and is recommending all their customers to move to h a vpn and so know that this

to move to h a vpn and so know that this has not been reflected in the exam and

has not been reflected in the exam and not sure if and when it will be but know

not sure if and when it will be but know that when you are creating a cloud vpn

that when you are creating a cloud vpn connection in your current environment h

connection in your current environment h a vpn is the recommended option and so

a vpn is the recommended option and so now i wanted to dive into some

now i wanted to dive into some architecture of how cloud vpn is set up

architecture of how cloud vpn is set up for these two options starting with

for these two options starting with classic vpn

classic vpn now as i said before classic vpn is a

now as i said before classic vpn is a cloud vpn solution

cloud vpn solution that lets you connect your peer network

that lets you connect your peer network to your vpc network through an ipsec vpn

to your vpc network through an ipsec vpn connection in a single region now unlike

connection in a single region now unlike h a vpn classic vpn offers no redundancy

h a vpn classic vpn offers no redundancy out of the box you would have to create

out of the box you would have to create another vpn connection and if the

another vpn connection and if the connection were to go down you would

connection were to go down you would have to manually switch over the

have to manually switch over the connection from one to the other now as

connection from one to the other now as you can see here when you create a vpn

you can see here when you create a vpn gateway google cloud automatically

gateway google cloud automatically chooses only one external ip address for

chooses only one external ip address for its interface and the diagram shown here

its interface and the diagram shown here shows that of a classic vpn network

shows that of a classic vpn network connected from the bowtie dash network

connected from the bowtie dash network vpc in bowtie project to an on-premises

vpc in bowtie project to an on-premises network configured using a static route

network configured using a static route to connect now moving on to h-a-v-p-n

to connect now moving on to h-a-v-p-n again this is a highly available cloud

again this is a highly available cloud vpn solution that lets you connect your

vpn solution that lets you connect your peer network to your vpc network using

peer network to your vpc network using an ipsec vpn connection in a single

an ipsec vpn connection in a single region exactly like classic vpn where

region exactly like classic vpn where havpn differs is that it provides four

havpn differs is that it provides four nines sla and as you can see here it

nines sla and as you can see here it supports double the connections so when

supports double the connections so when you create an h a vpn gateway google

you create an h a vpn gateway google cloud automatically chooses two external

cloud automatically chooses two external ip addresses

ip addresses one for each of its fixed number of two

one for each of its fixed number of two interfaces each ip address is

interfaces each ip address is automatically chosen from a unique

automatically chosen from a unique address pool to support high

address pool to support high availability each of these ha vpn

availability each of these ha vpn gateway interfaces supports multiple

gateway interfaces supports multiple tunnels which allows you to create

tunnels which allows you to create multiple h a vpn gateways and you can

multiple h a vpn gateways and you can configure an h a vpn gateway with only

configure an h a vpn gateway with only one active interface and one public ip

one active interface and one public ip address however this configuration does

address however this configuration does not provide a four nines sla now for h a

not provide a four nines sla now for h a vpn gateway you configure an external

vpn gateway you configure an external peer vpn gateway resource that

peer vpn gateway resource that represents your physical peer gateway in

represents your physical peer gateway in google cloud you can also create this

google cloud you can also create this resource as a standalone resource and

resource as a standalone resource and use it later in this diagram the two

use it later in this diagram the two interfaces of an h a vpn gateway in the

interfaces of an h a vpn gateway in the bowtie network vpc living in bowtie

bowtie network vpc living in bowtie project are connected to two peer vpn

project are connected to two peer vpn gateways in an on-premises network and

gateways in an on-premises network and this connection is using dynamic routing

this connection is using dynamic routing with bgp connecting to a cloud router in

with bgp connecting to a cloud router in google cloud now when it comes to the

google cloud now when it comes to the times when using cloudvpn makes sense

times when using cloudvpn makes sense one of the first things you should think

one of the first things you should think about is whether or not you need public

about is whether or not you need public internet access so when you're sharing

internet access so when you're sharing files or your company needs a specific

files or your company needs a specific sas product that's only available on the

sas product that's only available on the internet vpn would be your only option

internet vpn would be your only option as well when you're looking to use

as well when you're looking to use interconnect and your peering location

interconnect and your peering location is not available so you're not able to

is not available so you're not able to connect your data center to the

connect your data center to the colocation facility of your choice vpn

colocation facility of your choice vpn would be the only other option that you

would be the only other option that you have as well if budget constraints come

have as well if budget constraints come into play when deciding on connecting to

into play when deciding on connecting to your peer network vpn would always be

your peer network vpn would always be the way to go as cloud interconnect is

the way to go as cloud interconnect is going to be the more expensive option

going to be the more expensive option and lastly if you don't need a high

and lastly if you don't need a high speed network and low latency is not

speed network and low latency is not really a concern for you and you only

really a concern for you and you only have regular outgoing traffic coming

have regular outgoing traffic coming from google cloud then vpn would suffice

from google cloud then vpn would suffice for your everyday needs and so the

for your everyday needs and so the options shown here are also the deciding

options shown here are also the deciding factors to look for when it comes to

factors to look for when it comes to questions in the exam that refer to

questions in the exam that refer to cloudvpn or connecting networks and so

cloudvpn or connecting networks and so that's pretty much all i have for this

that's pretty much all i have for this short lesson on cloudvpn so you can now

short lesson on cloudvpn so you can now mark this lesson as complete and let's

mark this lesson as complete and let's move on to the next one

move on to the next one [Music]

[Music] welcome back and in this lesson i'm

welcome back and in this lesson i'm going to go over another connection type

going to go over another connection type that allows for on-premises connectivity

that allows for on-premises connectivity to your google cloud vpcs which is cloud

to your google cloud vpcs which is cloud interconnect other than vpn this is the

interconnect other than vpn this is the other connection type that allows

other connection type that allows connectivity from your on-premises

connectivity from your on-premises environment to your google cloud vpc

environment to your google cloud vpc cloud interconnect is the most common

cloud interconnect is the most common connection for most larger organizations

connection for most larger organizations and are for those that demand fast low

and are for those that demand fast low latency connections this lesson will

latency connections this lesson will cover the features of cloud interconnect

cover the features of cloud interconnect and the different types that are

and the different types that are available so with that being said let's

available so with that being said let's dive in so getting right into it cloud

dive in so getting right into it cloud interconnect is a low latency highly

interconnect is a low latency highly available connection between your

available connection between your on-premises data center and google cloud

on-premises data center and google cloud vpc networks also cloud interconnect

vpc networks also cloud interconnect connections provide internal ip address

connections provide internal ip address connection which means internal ip

connection which means internal ip addresses are directly accessible from

addresses are directly accessible from both networks and so on premises hosts

both networks and so on premises hosts can use internal ip addresses and take

can use internal ip addresses and take advantage of private google access

advantage of private google access rather than external ip addresses to

rather than external ip addresses to reach google apis and services traffic

reach google apis and services traffic between your on-premises network and

between your on-premises network and your vpc network doesn't traverse the

your vpc network doesn't traverse the public internet traffic traverses a

public internet traffic traverses a dedicated connection or through a

dedicated connection or through a service provider with a dedicated

service provider with a dedicated connection your vpc network's internal

connection your vpc network's internal ip addresses are directly accessible

ip addresses are directly accessible from your on-premises network now unlike

from your on-premises network now unlike vpn this connection is not encrypted if

vpn this connection is not encrypted if you need to encrypt your traffic at the

you need to encrypt your traffic at the ip layer you can create one or more

ip layer you can create one or more self-managed vpn gateways in your vpc

self-managed vpn gateways in your vpc network and assign a private ip address

network and assign a private ip address to each gateway now although this may be

to each gateway now although this may be a very fast connection it also comes

a very fast connection it also comes with a very high price tag now unlike

with a very high price tag now unlike vpn this connection type is not

vpn this connection type is not encrypted if you need to encrypt your

encrypted if you need to encrypt your traffic at the ip layer you can create

traffic at the ip layer you can create one or more self-managed vpn gateways in

one or more self-managed vpn gateways in your vpc network and assign a private ip

your vpc network and assign a private ip address to each gateway now although

address to each gateway now although this may be a very fast connection it

this may be a very fast connection it also comes with a very high price tag

also comes with a very high price tag and is the highest price connection type

and is the highest price connection type cloud interconnect offers two options

cloud interconnect offers two options for extending your on-premises network

for extending your on-premises network dedicated interconnect which provides a

dedicated interconnect which provides a direct physical connection between your

direct physical connection between your on-premises network and google's network

on-premises network and google's network as well as partner interconnect which

as well as partner interconnect which provides connectivity between your

provides connectivity between your on-premises and vpc networks through a

on-premises and vpc networks through a supported service provider and so i

supported service provider and so i wanted to take a moment to highlight the

wanted to take a moment to highlight the different options for cloud interconnect

different options for cloud interconnect starting with dedicated interconnect now

starting with dedicated interconnect now dedicated interconnect provides a direct

dedicated interconnect provides a direct physical connection between your

physical connection between your on-premises network and google's network

on-premises network and google's network dedicated interconnect enables you to

dedicated interconnect enables you to transfer large amounts of data between

transfer large amounts of data between your network and google cloud which can

your network and google cloud which can be more cost effective than purchasing

be more cost effective than purchasing additional bandwidth over the public

additional bandwidth over the public internet for dedicated interconnect you

internet for dedicated interconnect you provision a dedicated interconnect

provision a dedicated interconnect connection between the google network

connection between the google network and your own router in a common location

and your own router in a common location the following example shown here shows a

the following example shown here shows a single dedicated interconnect connection

single dedicated interconnect connection between a vpc network and an on-premises

between a vpc network and an on-premises network for this basic setup a dedicated

network for this basic setup a dedicated interconnect connection is provisioned

interconnect connection is provisioned between the google network and the

between the google network and the on-premises router in a common

on-premises router in a common co-location facility when you create a

co-location facility when you create a vlan attachment you associate it with a

vlan attachment you associate it with a cloud router this cloud router creates a

cloud router this cloud router creates a bgp session for the vlan attachment and

bgp session for the vlan attachment and its corresponding on-premises peer

its corresponding on-premises peer router these routes are added as custom

router these routes are added as custom dynamic routes in your vpc network and

dynamic routes in your vpc network and so for dedicated interconnect connection

so for dedicated interconnect connection capacity is delivered over one or more

capacity is delivered over one or more 10 gigabits per second or 100 gigabits

10 gigabits per second or 100 gigabits per second ethernet connections with the

per second ethernet connections with the follow-on maximum capacity supported per

follow-on maximum capacity supported per interconnect connection so with your 10

interconnect connection so with your 10 gigabit per second connections you can

gigabit per second connections you can get up to eight connections totaling a

get up to eight connections totaling a speed of 80 gigabits per second with the

speed of 80 gigabits per second with the 100 gigabit per second connection you

100 gigabit per second connection you can connect two of them together to have

can connect two of them together to have a total speed of 200 gigabits per second

a total speed of 200 gigabits per second and so for dedicated interconnect your

and so for dedicated interconnect your network must physically meet google's

network must physically meet google's network in a supported co-location

network in a supported co-location facility also known as an interconnect

facility also known as an interconnect connection location this facility

connection location this facility is where a vendor the co-location

is where a vendor the co-location facility provider provisions a circuit

facility provider provisions a circuit between your network and a google edge

between your network and a google edge point of presence also known as a pop

point of presence also known as a pop the setup shown here is suitable for

the setup shown here is suitable for non-critical applications that can

non-critical applications that can tolerate some downtime but for sensitive

tolerate some downtime but for sensitive production applications at least two

production applications at least two interconnect connections in two

interconnect connections in two different edge availability domains are

different edge availability domains are recommended now partner interconnect

recommended now partner interconnect provides connectivity between your

provides connectivity between your on-premises network and your vpc network

on-premises network and your vpc network through a supported service provider so

through a supported service provider so this is not a direct connection from

this is not a direct connection from your on-premises network to google as

your on-premises network to google as the service provider provides a conduit

the service provider provides a conduit between your on-premises network and

between your on-premises network and google's pop now a partner interconnect

google's pop now a partner interconnect connection is useful if a dedicated

connection is useful if a dedicated interconnect co-location facility is

interconnect co-location facility is physically out of reach or your

physically out of reach or your workloads don't warrant an entire 10

workloads don't warrant an entire 10 gigabit per second connection for

gigabit per second connection for partner interconnect 50 megabits per

partner interconnect 50 megabits per second to 50 gigabits per second vlan

second to 50 gigabits per second vlan attachments are available with the

attachments are available with the maximum supported attachment size of 50

maximum supported attachment size of 50 gigabits per second now service

gigabits per second now service providers have existing physical

providers have existing physical connections to google's network that

connections to google's network that they make available for their customer

they make available for their customer to use so in this example shown here you

to use so in this example shown here you would provision a partner interconnect

would provision a partner interconnect connection with a service provider and

connection with a service provider and connecting your on-premises network to

connecting your on-premises network to that service provider after connectivity

that service provider after connectivity is established with the service provider

is established with the service provider a partner interconnect connection is

a partner interconnect connection is requested from the service provider and

requested from the service provider and the service provider configures your vln

the service provider configures your vln attachment for use once your connection

attachment for use once your connection is provisioned you can start passing

is provisioned you can start passing traffic between your networks by using

traffic between your networks by using the service providers network now there

the service providers network now there are many more detailed steps involved to

are many more detailed steps involved to get a connection established along with

get a connection established along with traffic flowing but i just wanted to

traffic flowing but i just wanted to give you a high level summary of how a

give you a high level summary of how a connection would be established with a

connection would be established with a service provider now as well to build a

service provider now as well to build a highly available topology you can use

highly available topology you can use multiple service providers as well you

multiple service providers as well you must build redundant connections for

must build redundant connections for each service provider in each

each service provider in each metropolitan and so now there's a couple

metropolitan and so now there's a couple more connection types that run through

more connection types that run through service providers that are not on the

service providers that are not on the exam but i wanted you to be aware of

exam but i wanted you to be aware of them if ever the situation arises in

them if ever the situation arises in your role as a cloud engineer so the

your role as a cloud engineer so the first one is direct peering and direct

first one is direct peering and direct peering enables you to establish a

peering enables you to establish a direct peering connection between your

direct peering connection between your business network and google's edge

business network and google's edge network and exchange high throughput

network and exchange high throughput cloud traffic this capability is

cloud traffic this capability is available at any of more than 100

available at any of more than 100 locations in 33 countries around the

locations in 33 countries around the world when established direct peering

world when established direct peering provides a direct path from your

provides a direct path from your on-premises network to google services

on-premises network to google services including google cloud products that can

including google cloud products that can be exposed through one or more public ip

be exposed through one or more public ip addresses traffic from google's network

addresses traffic from google's network to your on-premises network also takes

to your on-premises network also takes that direct path

that direct path including traffic from vpc networks in

including traffic from vpc networks in your projects now you can also save

your projects now you can also save money and receive direct egress pricing

money and receive direct egress pricing for your projects after they have

for your projects after they have established direct peering with google

established direct peering with google direct peering exists outside of google

direct peering exists outside of google cloud unless you need to access google

cloud unless you need to access google workspace applications the recommended

workspace applications the recommended methods of access to google cloud are

methods of access to google cloud are dedicated interconnect or partner

dedicated interconnect or partner interconnect establishing a direct

interconnect establishing a direct peering connection with google is free

peering connection with google is free and there are no costs per port and no

and there are no costs per port and no per hour charges you just have to meet

per hour charges you just have to meet google's technical peering requirements

google's technical peering requirements and can then be considered for the

and can then be considered for the direct peering service

direct peering service and moving on to the last connection

and moving on to the last connection type is cdn interconnect now i know we

type is cdn interconnect now i know we haven't gotten into cdns in the course

haven't gotten into cdns in the course as the exam does not require you to know

as the exam does not require you to know it but cdn standing for content delivery

it but cdn standing for content delivery network is what caches content at the

network is what caches content at the network edge to deliver files faster to

network edge to deliver files faster to those requesting it one of the main ways

those requesting it one of the main ways to improve website performance now

to improve website performance now moving on to cdn interconnect this

moving on to cdn interconnect this connection type enables select

connection type enables select third-party cdn providers like akamai

third-party cdn providers like akamai and cloudflare along with others to

and cloudflare along with others to establish and optimize your cdn

establish and optimize your cdn population costs by using direct peering

population costs by using direct peering links with google's edge network and

links with google's edge network and enables you to direct your traffic from

enables you to direct your traffic from your vpc networks to the provider's

your vpc networks to the provider's network and so your egress traffic from

network and so your egress traffic from google cloud through one of these links

google cloud through one of these links benefits from the direct connectivity to

benefits from the direct connectivity to the cdn provider and is billed

the cdn provider and is billed automatically with reduced pricing

automatically with reduced pricing typical use cases for cdn interconnect

typical use cases for cdn interconnect is if you're populating your cdn with

is if you're populating your cdn with large data files from google cloud or

large data files from google cloud or you have frequent content updates stored

you have frequent content updates stored in different cdn locations and so

in different cdn locations and so getting into the use cases of when to

getting into the use cases of when to use cloud interconnect a big purpose for

use cloud interconnect a big purpose for it would be to prevent traffic from

it would be to prevent traffic from traversing the public internet it is a

traversing the public internet it is a dedicated physical connection right to

dedicated physical connection right to google's data centers so when you need

google's data centers so when you need an extension of your vpc network to your

an extension of your vpc network to your on-premises network interconnect is

on-premises network interconnect is definitely the way to go now in speed

definitely the way to go now in speed and low latencies of extreme importance

and low latencies of extreme importance interconnect is always the best option

interconnect is always the best option and will support up to 200 gigabits per

and will support up to 200 gigabits per second as well when you have heavy

second as well when you have heavy outgoing traffic or egress traffic

outgoing traffic or egress traffic leaving google cloud cloud interconnect

leaving google cloud cloud interconnect fits the bill perfectly and lastly when

fits the bill perfectly and lastly when it comes to private google access this

it comes to private google access this travels over the backbone of google's

travels over the backbone of google's network and so when you are connected

network and so when you are connected with interconnect this is an extension

with interconnect this is an extension of that backbone and therefore your

of that backbone and therefore your on-premises hosts will be able to take

on-premises hosts will be able to take advantage of private google access and

advantage of private google access and so i hope this has given you some

so i hope this has given you some clarity on the differences between the

clarity on the differences between the different connection types and how to

different connection types and how to extend your google cloud network to a

extend your google cloud network to a peer or on-premises network so that's

peer or on-premises network so that's pretty much all i had to cover when it

pretty much all i had to cover when it comes to cloud interconnect so you can

comes to cloud interconnect so you can now mark this lesson as complete and

now mark this lesson as complete and let's move on to the next one

let's move on to the next one [Music]

[Music] welcome back in this lesson i'm going to

welcome back in this lesson i'm going to be covering an overview of app engine

be covering an overview of app engine now this is not a deep dive lesson for

now this is not a deep dive lesson for app engine as there is so much to cover

app engine as there is so much to cover with this service but i will be listing

with this service but i will be listing a lot of the features of app engine to

a lot of the features of app engine to give you a good feel for what it can do

give you a good feel for what it can do and what you will need to know for the

and what you will need to know for the exam so with that being said let's dive

exam so with that being said let's dive in now app engine is a fully managed

in now app engine is a fully managed serverless platform for developing and

serverless platform for developing and hosting web applications at scale this

hosting web applications at scale this is google's platform as a service

is google's platform as a service offering that was designed for

offering that was designed for developers so that they can develop

developers so that they can develop their application and let app engine do

their application and let app engine do all the heavy lifting by taking care of

all the heavy lifting by taking care of provisioning the servers and scaling the

provisioning the servers and scaling the instances needed based on demand app

instances needed based on demand app engine gives you the flexibility of

engine gives you the flexibility of launching your code as is or you can

launching your code as is or you can launch it as a container and uses

launch it as a container and uses runtime environments of a variety of

runtime environments of a variety of different programming languages like

different programming languages like python java node.js go ruby php or net

python java node.js go ruby php or net applications deployed on app engine that

applications deployed on app engine that experience regular traffic fluctuations

experience regular traffic fluctuations or newly deployed applications where

or newly deployed applications where you're simply unsure about the load are

you're simply unsure about the load are auto scaled accordingly and

auto scaled accordingly and automatically your apps scale up to the

automatically your apps scale up to the number of instances that are running to

number of instances that are running to provide consistent performance or scale

provide consistent performance or scale down to minimize idle instances and

down to minimize idle instances and reduces costs app engine also has the

reduces costs app engine also has the capabilities of being able to deal with

capabilities of being able to deal with rapid scaling for sudden extreme spikes

rapid scaling for sudden extreme spikes of traffic having multiple versions of

of traffic having multiple versions of your application within each service

your application within each service allows you to quickly switch between

allows you to quickly switch between different versions of that application

different versions of that application for rollbacks testing or other temporary

for rollbacks testing or other temporary events you can route traffic to one or

events you can route traffic to one or more specific versions of your

more specific versions of your application by migrating or splitting

application by migrating or splitting traffic and you can use traffic

traffic and you can use traffic splitting to specify a percentage

splitting to specify a percentage distribution of traffic across two or

distribution of traffic across two or more of the versions within a service

more of the versions within a service and allows you to do a b testing or blue

and allows you to do a b testing or blue green deployment between your versions

green deployment between your versions when rolling out new features app engine

when rolling out new features app engine supports connecting to back-end storage

supports connecting to back-end storage services such as cloud firestore cloud

services such as cloud firestore cloud sql and cloud storage along with

sql and cloud storage along with connecting to on-premises databases and

connecting to on-premises databases and even external databases that are hosted

even external databases that are hosted on other public clouds app engine is

on other public clouds app engine is available in two separate flavors

available in two separate flavors standard and flexible environments and

standard and flexible environments and each environment offers their own set of

each environment offers their own set of features that i will get into in just a

features that i will get into in just a sec

sec now as i mentioned before app engine is

now as i mentioned before app engine is available in standard and flexible

available in standard and flexible environments and depending on your

environments and depending on your application needs either one will

application needs either one will support what you need for your workload

support what you need for your workload or you could even use both

or you could even use both simultaneously the features shown here

simultaneously the features shown here will give you a feel for both types of

will give you a feel for both types of environments and i'm going to be doing a

environments and i'm going to be doing a quick run through summarizing the

quick run through summarizing the features of each starting with the

features of each starting with the standard environment now with the

standard environment now with the standard environment applications run in

standard environment applications run in a secure sandboxed environment allowing

a secure sandboxed environment allowing app engine standard to distribute

app engine standard to distribute requests across multiple servers and

requests across multiple servers and scaling servers to meet traffic demands

scaling servers to meet traffic demands your application runs with its own

your application runs with its own secure reliable environment that is

secure reliable environment that is independent of the hardware

independent of the hardware operating system or physical location of

operating system or physical location of the server the source code is written in

the server the source code is written in specific versions

specific versions of the supported programming languages

of the supported programming languages and with app engine standard it is

and with app engine standard it is intended to run for free or at a very

intended to run for free or at a very low cost where you pay only for what you

low cost where you pay only for what you need and when you need it with app

need and when you need it with app engine standard your application can

engine standard your application can scale to zero instances when there is no

scale to zero instances when there is no traffic app engine standard is designed

traffic app engine standard is designed for sudden and extreme spikes of traffic

for sudden and extreme spikes of traffic which require immediate scaling and

which require immediate scaling and pricing for standard app engine is based

pricing for standard app engine is based on instance hours and so when it comes

on instance hours and so when it comes to features for app engine flexible the

to features for app engine flexible the application instances run within docker

application instances run within docker containers that includes a custom

containers that includes a custom runtime or source code written in other

runtime or source code written in other programming languages these docker

programming languages these docker containers are then run on compute

containers are then run on compute engine vms app engine flexible will run

engine vms app engine flexible will run any source code that is written in a

any source code that is written in a version of any of the supported

version of any of the supported programming languages for app engine

programming languages for app engine flexible and unlike the standard

flexible and unlike the standard environment unfortunately there is no

environment unfortunately there is no free quota for app engine flexible as

free quota for app engine flexible as well app engine flexible is designed for

well app engine flexible is designed for consistent traffic or for applications

consistent traffic or for applications that experience regular traffic

that experience regular traffic fluctuations and pricing is based on the

fluctuations and pricing is based on the vm resources and not on instance hours

vm resources and not on instance hours like app engine standard and so where

like app engine standard and so where app engine flexible really shines over

app engine flexible really shines over app engine standard are how the vms are

app engine standard are how the vms are managed so instances are health checked

managed so instances are health checked healed as necessary and co-located with

healed as necessary and co-located with other services within the project the

other services within the project the vm's operating system is updated and

vm's operating system is updated and applied automatically as well vms are

applied automatically as well vms are restarted on a weekly basis to make sure

restarted on a weekly basis to make sure any necessary operating system and

any necessary operating system and security updates are applied ssh along

security updates are applied ssh along with root access are available to the vm

with root access are available to the vm instances running your containers now

instances running your containers now deploying applications to app engine is

deploying applications to app engine is as simple as using the gcloud app deploy

as simple as using the gcloud app deploy command

command this command automatically builds a

this command automatically builds a container image from your configuration

container image from your configuration file by using the cloud build service

file by using the cloud build service and then deploys that image to app

and then deploys that image to app engine now an app engine application is

engine now an app engine application is made up of a single application resource

made up of a single application resource that consists of one or more services

that consists of one or more services each service can be configured to use

each service can be configured to use different runtimes and to operate with

different runtimes and to operate with different performance settings

different performance settings services and app engine are used to

services and app engine are used to factor your large applications into

factor your large applications into logical components

logical components that can securely share app engine

that can securely share app engine features and communicate with one

features and communicate with one another these app engine services become

another these app engine services become loosely coupled behaving like

loosely coupled behaving like microservices now within each service

microservices now within each service you deploy versions of that service and

you deploy versions of that service and each version then runs within one or

each version then runs within one or more instances depending on how much

more instances depending on how much traffic you configured it to handle

traffic you configured it to handle having multiple versions of your

having multiple versions of your application within each service allows

application within each service allows you to quickly switch between different

you to quickly switch between different versions of that application for

versions of that application for rollbacks testing or other temporary

rollbacks testing or other temporary events you can route traffic to one or

events you can route traffic to one or more specific versions of your

more specific versions of your application by migrating traffic to one

application by migrating traffic to one specific version

specific version or splitting your traffic between two

or splitting your traffic between two separate versions and so the versions

separate versions and so the versions within your services run on one or more

within your services run on one or more instances by default app engine scales

instances by default app engine scales your application to match the load your

your application to match the load your applications will scale up the number of

applications will scale up the number of instances that are running to provide

instances that are running to provide consistent performance or scale down to

consistent performance or scale down to minimize idle instances and reduce costs

minimize idle instances and reduce costs now when it comes to managing instances

now when it comes to managing instances app engine can automatically create and

app engine can automatically create and shut down instances as traffic

shut down instances as traffic fluctuates or you can specify a number

fluctuates or you can specify a number of instances to run

of instances to run regardless of the amount of traffic you

regardless of the amount of traffic you can also configure how and when new

can also configure how and when new instances are created by specifying a

instances are created by specifying a scaling type for your application and

scaling type for your application and how you do this is you specify the

how you do this is you specify the scaling type in your application's

scaling type in your application's app.yaml file now there are three

app.yaml file now there are three different types of scaling choices to

different types of scaling choices to choose from and the first one being

choose from and the first one being automatic scaling and this scaling type

automatic scaling and this scaling type creates instances based on request rate

creates instances based on request rate response latencies and other application

response latencies and other application metrics you can specify thresholds for

metrics you can specify thresholds for each of these metrics as well as a

each of these metrics as well as a minimum number instances to keep running

minimum number instances to keep running at all times if you use automatic

at all times if you use automatic scaling each instance in your

scaling each instance in your application has its own queue for

application has its own queue for incoming requests before the queues

incoming requests before the queues become long enough to have a visible

become long enough to have a visible effect on your app's latency app engine

effect on your app's latency app engine automatically creates one or more new

automatically creates one or more new instances to handle the load the second

instances to handle the load the second type is basic scaling and this creates

type is basic scaling and this creates instances when your application receives

instances when your application receives requests each instance is shut down when

requests each instance is shut down when the application becomes idle basic

the application becomes idle basic scaling is fantastic for intermittent

scaling is fantastic for intermittent workloads or if you're looking to drive

workloads or if you're looking to drive your application by user activity app

your application by user activity app engine will try to keep your costs low

engine will try to keep your costs low even though it might result in higher

even though it might result in higher latency as the volume of incoming

latency as the volume of incoming requests increase and so the last

requests increase and so the last scaling type is manual scaling and this

scaling type is manual scaling and this is where you specify the number of

is where you specify the number of instances that continuously run

instances that continuously run regardless of the load so these are

regardless of the load so these are instances that are constantly running

instances that are constantly running and this allows complex startup tasks on

and this allows complex startup tasks on the instances to have already been

the instances to have already been completed when receiving requests and

completed when receiving requests and applications that rely on the state of

applications that rely on the state of the memory over time so this is ideal

the memory over time so this is ideal for instances whose configuration

for instances whose configuration scripts require some time to fully run

scripts require some time to fully run their course so now that i've gone over

their course so now that i've gone over managing the instances i wanted to take

managing the instances i wanted to take a few moments to go over how app engine

a few moments to go over how app engine manages traffic starting with traffic

manages traffic starting with traffic migration now traffic migration switches

migration now traffic migration switches the request routing between the versions

the request routing between the versions within a service of your application

within a service of your application moving traffic from one or more versions

moving traffic from one or more versions to a single new version so when

to a single new version so when deploying a new version with the same

deploying a new version with the same name of an existing version it causes an

name of an existing version it causes an immediate traffic migration all

immediate traffic migration all instances of the old version are

instances of the old version are immediately shut down in app engine

immediately shut down in app engine standard you can choose to route

standard you can choose to route requests to the target version either

requests to the target version either immediately or gradually you can also

immediately or gradually you can also choose to enable warm-up requests if you

choose to enable warm-up requests if you want the traffic gradually migrated to a

want the traffic gradually migrated to a version gradual traffic migration is not

version gradual traffic migration is not supported in app engine flexible and

supported in app engine flexible and traffic is migrated immediately now one

traffic is migrated immediately now one thing to note is that when you

thing to note is that when you immediately migrate traffic to a new

immediately migrate traffic to a new version without any running instances

version without any running instances then your application will have a spike

then your application will have a spike in latency for loading requests

in latency for loading requests while instances are being created and so

while instances are being created and so another way to manage traffic on app

another way to manage traffic on app engine is through traffic splitting now

engine is through traffic splitting now you can use traffic splitting to specify

you can use traffic splitting to specify a percentage distribution of traffic

a percentage distribution of traffic across two or more of the versions

across two or more of the versions within a service so in this example if

within a service so in this example if i'm deploying a new version of my

i'm deploying a new version of my service i can decide on how i want to

service i can decide on how i want to distribute traffic to each version of my

distribute traffic to each version of my application and so i decide that i want

application and so i decide that i want to keep my current version in play but

to keep my current version in play but roll out the new version of my

roll out the new version of my application to 10 of my users leaving

application to 10 of my users leaving the old version was still 90 of the

the old version was still 90 of the traffic going to that version and so

traffic going to that version and so splitting traffic allows you to conduct

splitting traffic allows you to conduct a b testing between your versions and

a b testing between your versions and provides control over the pace when

provides control over the pace when rolling out features and just as a note

rolling out features and just as a note when you've specified two or more

when you've specified two or more versions for splitting you must choose

versions for splitting you must choose whether to split traffic by either by

whether to split traffic by either by either ip address http cookie or do it

either ip address http cookie or do it randomly now again this has not been a

randomly now again this has not been a deep dive lesson on app engine but i

deep dive lesson on app engine but i hope this has given you an overview of

hope this has given you an overview of the features that are available as the

the features that are available as the exam touches on these features i also

exam touches on these features i also wanted to give you some familiarity with

wanted to give you some familiarity with the service itself as coming up next i

the service itself as coming up next i will be going into a demo where we will

will be going into a demo where we will be launching an application using app

be launching an application using app engine and trying on some of these

engine and trying on some of these features for yourself and so that's

features for yourself and so that's pretty much all i wanted to cover

pretty much all i wanted to cover when it comes to app engine so you can

when it comes to app engine so you can now mark this lesson as complete and

now mark this lesson as complete and whenever you're ready join me in the

whenever you're ready join me in the console where you will deploy an

console where you will deploy an application on app engine and try out

application on app engine and try out some of these features for yourself

some of these features for yourself [Music]

[Music] welcome back and in this demo you're

welcome back and in this demo you're going to build another application to

going to build another application to deploy on app engine called serverless

deploy on app engine called serverless bowties this demo will run you through

bowties this demo will run you through the ins and outs of deploying a website

the ins and outs of deploying a website application on app engine along with

application on app engine along with managing it while experiencing no

managing it while experiencing no downtime so there's quite a bit of work

downtime so there's quite a bit of work to do here so with that being said let's

to do here so with that being said let's dive in and so here in my console i am

dive in and so here in my console i am logged in as tonybowtieace gmail.com

logged in as tonybowtieace gmail.com under project bowtie inc and so the

under project bowtie inc and so the first thing i want to do here is i want

first thing i want to do here is i want to head on over to app engine so in

to head on over to app engine so in order to do that i'm going to go to the

order to do that i'm going to go to the top left-hand navigation menu and i'm

top left-hand navigation menu and i'm going to go down to app engine and

going to go down to app engine and because i haven't created any

because i haven't created any applications i'm going to be brought to

applications i'm going to be brought to this splash page now in order to deploy

this splash page now in order to deploy this application we're not going to be

this application we're not going to be doing it through the console but we will

doing it through the console but we will be doing it through the command line and

be doing it through the command line and so to get started with that i'm going to

so to get started with that i'm going to go up to the top and open up cloud shell

go up to the top and open up cloud shell i'm going to make this bigger for better

i'm going to make this bigger for better viewing and so in order for me to get

viewing and so in order for me to get the code to launch this application i'm

the code to launch this application i'm going to be cloning my github repository

going to be cloning my github repository into cloud shell and so for those of you

into cloud shell and so for those of you who haven't deleted your repository from

who haven't deleted your repository from the last demo you can go ahead and skip

the last demo you can go ahead and skip the cloning step for those of you who

the cloning step for those of you who need to clone your repository you will

need to clone your repository you will find a link to the instructions in the

find a link to the instructions in the lesson text and there you'll be able to

lesson text and there you'll be able to retrieve the command which will be git

retrieve the command which will be git clone along with the address of the repo

clone along with the address of the repo i'm going to hit enter and because i've

i'm going to hit enter and because i've already cloned this repo i'm receiving

already cloned this repo i'm receiving this error i'm going to do an ls and as

this error i'm going to do an ls and as you can see here the google cloud

you can see here the google cloud associate cloud engineer repo has

associate cloud engineer repo has already been cloned so i'm going to cd

already been cloned so i'm going to cd into that directory and in order to get

into that directory and in order to get the code i'm going to simply run the

the code i'm going to simply run the command git pull

command git pull to get the latest and i'm going to

to get the latest and i'm going to simply clear my screen and so now that

simply clear my screen and so now that i've retrieved all the code that i need

i've retrieved all the code that i need in order to deploy it i need to go to

in order to deploy it i need to go to that directory and that directory is

that directory and that directory is going to be 11 serverless services

going to be 11 serverless services forward slash 0 1 serverless bowties and

forward slash 0 1 serverless bowties and hit enter you're going to run ls and

hit enter you're going to run ls and here you will find two versions of the

here you will find two versions of the website application site v1 and site v2

website application site v1 and site v2 along with the instructions if you want

along with the instructions if you want to follow straight from here and so i

to follow straight from here and so i want to go ahead and deploy my first

want to go ahead and deploy my first website application so i'm going to cd

website application so i'm going to cd into site v1 ls and here you will see

into site v1 ls and here you will see the app.yaml which is the configuration

the app.yaml which is the configuration file that you will need in order to run

file that you will need in order to run the application on app engine and so

the application on app engine and so before i go ahead and deploy this i

before i go ahead and deploy this i wanted to take a moment to show you the

wanted to take a moment to show you the application configuration so i'm going

application configuration so i'm going to go ahead and open it up in cloud

to go ahead and open it up in cloud shell editor so i'm going to type in

shell editor so i'm going to type in edit app.yaml enter and as you can see

edit app.yaml enter and as you can see here my runtime is python 3.7 and as you

here my runtime is python 3.7 and as you can see i have a default expiration of

can see i have a default expiration of two seconds along with an expiration

two seconds along with an expiration underneath each handler and this is due

underneath each handler and this is due to the caching issue that happens with

to the caching issue that happens with app engine and so in order to simulate

app engine and so in order to simulate traffic splitting between the two

traffic splitting between the two website applications in order to make

website applications in order to make things easy i needed to expire the cash

things easy i needed to expire the cash and this is an easy way to do it now

and this is an easy way to do it now there may be applications out there that

there may be applications out there that do need that caching and so the

do need that caching and so the expiration may be a lot higher but for

expiration may be a lot higher but for the purposes of this demo two seconds

the purposes of this demo two seconds expiration should suffice as well

expiration should suffice as well explain the two handlers here the first

explain the two handlers here the first one showing the files that will be

one showing the files that will be uploaded to the cloud storage bucket as

uploaded to the cloud storage bucket as well as the second stating what static

well as the second stating what static files will be presented and so i'm going

files will be presented and so i'm going to go ahead back over to my terminal and

to go ahead back over to my terminal and i'm going to go ahead and clear my

i'm going to go ahead and clear my screen and i'm going to go ahead and run

screen and i'm going to go ahead and run the command gcloud app deploy with the

the command gcloud app deploy with the flag dash dash version and this is going

flag dash dash version and this is going to be version one so i'm going to go

to be version one so i'm going to go ahead and hit enter and you may get a

ahead and hit enter and you may get a pop-up asking you to authorize this api

pop-up asking you to authorize this api call using your credentials and you want

call using your credentials and you want to click on authorize and you're going

to click on authorize and you're going to be prompted to enter in a region that

to be prompted to enter in a region that you want to deploy your website

you want to deploy your website application to we want to keep this in

application to we want to keep this in us east one so i'm going to type in 15

us east one so i'm going to type in 15 hit enter

hit enter and you're going to be prompted to

and you're going to be prompted to verify your configuration for your

verify your configuration for your application before it's deployed you're

application before it's deployed you're also going to be prompted if you want to

also going to be prompted if you want to continue definitely yes so i'm going to

continue definitely yes so i'm going to hit y enter and so now as you've seen

hit y enter and so now as you've seen the files have been uploaded to cloud

the files have been uploaded to cloud storage and app engine is going to take

storage and app engine is going to take a few minutes to create the service

a few minutes to create the service along with the version so i'm going to

along with the version so i'm going to let it do the needful and i'll be back

let it do the needful and i'll be back before you know it okay and my

before you know it okay and my application has been deployed now

application has been deployed now although you don't see it here in the

although you don't see it here in the console it has been deployed all i need

console it has been deployed all i need to do is refresh my screen but i wanted

to do is refresh my screen but i wanted to just point out a couple things that

to just point out a couple things that is shown here in the terminal the first

is shown here in the terminal the first one being the default service now the

one being the default service now the first time you deploy a version of your

first time you deploy a version of your application it will always deploy to the

application it will always deploy to the default service initially and only then

default service initially and only then will you be able to deploy another named

will you be able to deploy another named service to app engine now here where it

service to app engine now here where it says setting traffic split for service

says setting traffic split for service this is referring to the configuration

this is referring to the configuration for traffic splitting being applied in

for traffic splitting being applied in the background which i will be getting

the background which i will be getting into a little bit later and lastly the

into a little bit later and lastly the url shown for the deployed service will

url shown for the deployed service will always start with the name of your

always start with the name of your project followed by.ue.r.appspot.com

which is why in production google recommends to run app engine in a

recommends to run app engine in a completely separate project

completely separate project before this demo running it in the same

before this demo running it in the same project that we've been using will

project that we've been using will suffice okay so let's go ahead and take

suffice okay so let's go ahead and take a look at the application so i'm going

a look at the application so i'm going to go back up to the top here to the

to go back up to the top here to the navigation menu and i'm gonna go down to

navigation menu and i'm gonna go down to app engine and go over to services and

app engine and go over to services and so here you will see the default service

so here you will see the default service with version one and if i go over to

with version one and if i go over to versions i will see here my version the

versions i will see here my version the status

status the traffic allocation along with any

the traffic allocation along with any instances that it needs the run time the

instances that it needs the run time the specific environment and i'll have some

specific environment and i'll have some diagnostic tools here that i could use

diagnostic tools here that i could use and so because this is a static website

and so because this is a static website application we won't be using any

application we won't be using any instances and so this will always show a

instances and so this will always show a zero so now i want to head back on over

zero so now i want to head back on over to services and i'm going to launch my

to services and i'm going to launch my application by simply clicking on this

application by simply clicking on this hot link

hot link and success serverless bow ties for all

and success serverless bow ties for all and so it looks like my application has

and so it looks like my application has been successfully deployed so i'm going

been successfully deployed so i'm going to close down this tab now there's a

to close down this tab now there's a couple of things that i wanted to run

couple of things that i wanted to run through here on the left hand menu just

through here on the left hand menu just for your information so here i can click

for your information so here i can click on instances and if i was running any

on instances and if i was running any instances i am able to see a summary of

instances i am able to see a summary of those instances and i can click on the

those instances and i can click on the drop down here and choose a different

drop down here and choose a different metric and find out any information that

metric and find out any information that i need as well i can click on this drop

i need as well i can click on this drop down and select a version if i had

down and select a version if i had multiple versions which i do not

multiple versions which i do not clicking on task queues here is where i

clicking on task queues here is where i can manage my task queues but this is a

can manage my task queues but this is a legacy service that will soon be

legacy service that will soon be deprecated clicking on cron jobs here i

deprecated clicking on cron jobs here i can schedule any tasks that i need to

can schedule any tasks that i need to run at a specific time on a recurring

run at a specific time on a recurring basis i can edit or add any firewall

basis i can edit or add any firewall rules if i need to and as you can see

rules if i need to and as you can see the default firewall rule is open to the

the default firewall rule is open to the world now you probably noticed memcache

world now you probably noticed memcache as being one of the options here in the

as being one of the options here in the menu but this is a legacy service that

menu but this is a legacy service that will soon be deprecated

will soon be deprecated memcache is a distributed in-memory data

memcache is a distributed in-memory data store that is bundled into the python to

store that is bundled into the python to runtime acting as a cache for specific

runtime acting as a cache for specific tasks and google recommends moving to

tasks and google recommends moving to memory store for redis if you're

memory store for redis if you're planning on applying caching for your

planning on applying caching for your app engine application and so i'm not

app engine application and so i'm not sure how much longer this will be here

sure how much longer this will be here and lastly under settings here is where

and lastly under settings here is where you can change your settings for your

you can change your settings for your application i can add any custom domains

application i can add any custom domains any ssl certificates as well as setting

any ssl certificates as well as setting up email for any applications that want

up email for any applications that want to send email out to your users okay and

to send email out to your users okay and now that we've done that walkthrough i

now that we've done that walkthrough i want to go ahead and deploy my second

want to go ahead and deploy my second version of the application and so i'm

version of the application and so i'm going to go ahead back down to cloud

going to go ahead back down to cloud shell i'm going to quickly clear my

shell i'm going to quickly clear my screen and i want to move into the site

screen and i want to move into the site v2 directory so i'm going to hit cd dot

v2 directory so i'm going to hit cd dot dot which will bring you back one

dot which will bring you back one directory you do an ls and i'm going to

directory you do an ls and i'm going to change directories into site v2 and do

change directories into site v2 and do an ls just to verify and yes you will

an ls just to verify and yes you will see serverless bow ties too i'm going to

see serverless bow ties too i'm going to quickly clear my screen and i'm going to

quickly clear my screen and i'm going to run the same command as before which is

run the same command as before which is gcloud app deploy with the version flag

gcloud app deploy with the version flag dash dash version and instead of one i'm

dash dash version and instead of one i'm going to launch version 2. so i'm going

going to launch version 2. so i'm going to hit enter i'm going to be prompted if

to hit enter i'm going to be prompted if i want to continue yes i do and as you

i want to continue yes i do and as you can see the files have been uploaded to

can see the files have been uploaded to cloud storage for version 2 of the

cloud storage for version 2 of the website application and app engine is

website application and app engine is going to take a few minutes to create

going to take a few minutes to create the service along with the version so

the service along with the version so i'm going to let it cook here for a

i'm going to let it cook here for a couple minutes and i'll be back before

couple minutes and i'll be back before you can say cat in the hat okay so

you can say cat in the hat okay so version 2 has been deployed and so if i

version 2 has been deployed and so if i go up here to the console and i click on

go up here to the console and i click on refresh you should see version 2 of your

refresh you should see version 2 of your service and as you can see 100 of the

service and as you can see 100 of the traffic has been allocated to version 2

traffic has been allocated to version 2 automatically and this is the default

automatically and this is the default behavior for whenever you launch a new

behavior for whenever you launch a new version of your service the only way to

version of your service the only way to avoid this is to deploy your new version

avoid this is to deploy your new version with the no promote flag and so if i go

with the no promote flag and so if i go back to services here on the left and i

back to services here on the left and i click on the default service

click on the default service you should see success for version two

you should see success for version two and so i know that my website

and so i know that my website application for version 2 has been

application for version 2 has been deployed successfully so i'm going to

deployed successfully so i'm going to close down this tab again and i'm going

close down this tab again and i'm going to go back to versions and so what i

to go back to versions and so what i want to do now is i want to simulate an

want to do now is i want to simulate an a b test or blue green deployment by

a b test or blue green deployment by migrating my traffic back to the old

migrating my traffic back to the old version in this case being version one

version in this case being version one so in production let's say that you

so in production let's say that you would release a new version and the

would release a new version and the version doesn't go according to plan you

version doesn't go according to plan you can always go back to the previous

can always go back to the previous version and app engine allows you to do

version and app engine allows you to do that very easily and so i'm going to

that very easily and so i'm going to click on version 1 and i'm going to go

click on version 1 and i'm going to go up to the top menu and click on migrate

up to the top menu and click on migrate traffic you'll be prompted if you want

traffic you'll be prompted if you want to migrate traffic yes i do so i'm going

to migrate traffic yes i do so i'm going to click on migrate and it should take a

to click on migrate and it should take a minute here and traffic should migrate

minute here and traffic should migrate over to version one and success traffic

over to version one and success traffic has been migrated and so we want to

has been migrated and so we want to verify that this has happened i'm gonna

verify that this has happened i'm gonna go back to services i'm gonna click on

go back to services i'm gonna click on the default service and yes the traffic

the default service and yes the traffic has been allocated to version one okay

has been allocated to version one okay so i'm going to shut down this tab i'm

so i'm going to shut down this tab i'm going to go back to versions and so now

going to go back to versions and so now what i want to do is i want to simulate

what i want to do is i want to simulate splitting the traffic between the two

splitting the traffic between the two versions and so in order for you to do

versions and so in order for you to do this you can go up to the top menu

this you can go up to the top menu click on split traffic and you'll be

click on split traffic and you'll be prompted with a new menu here and here i

prompted with a new menu here and here i can choose from different versions and

can choose from different versions and because i only have two versions i'm

because i only have two versions i'm going to add version 2 and in order to

going to add version 2 and in order to allocate the traffic between the two i

allocate the traffic between the two i can either use this slider

can either use this slider and as you can see the allocation

and as you can see the allocation percentage will change or i can simply

percentage will change or i can simply just type it in and so i'm going to

just type it in and so i'm going to leave this at 50 percent so fifty

leave this at 50 percent so fifty percent of version one fifty percent of

percent of version one fifty percent of version two i'm going to split traffic

version two i'm going to split traffic randomly i'm gonna move this down just a

randomly i'm gonna move this down just a little bit and so that's exactly how you

little bit and so that's exactly how you wanna allocate your traffic and so once

wanna allocate your traffic and so once you've completed that you can simply

you've completed that you can simply click on save it's going to take a

click on save it's going to take a moment to update the settings and it's

moment to update the settings and it's been successful so if i head back on

been successful so if i head back on over to the previous page you can see

over to the previous page you can see here that traffic has been allocated to

here that traffic has been allocated to both versions and so now in order to

both versions and so now in order to verify this what you're going to do is

verify this what you're going to do is go over to services and click on the

go over to services and click on the default hot link and you'll see version

default hot link and you'll see version one but if i continuously refresh my

one but if i continuously refresh my screen i can see that here i have

screen i can see that here i have version two so because it's random i

version two so because it's random i have a 50 chance of getting version 1

have a 50 chance of getting version 1 and a 50 chance of getting version 2.

and a 50 chance of getting version 2. and so this is a simulation of splitting

and so this is a simulation of splitting traffic to different versions and

traffic to different versions and usually with a b testing only a small

usually with a b testing only a small percentage of the traffic is routed to

percentage of the traffic is routed to the new version until verification can

the new version until verification can be made that the new version deployed

be made that the new version deployed has indeed been successful and this can

has indeed been successful and this can be done by receiving feedback from the

be done by receiving feedback from the users and so now i wanted to take a

users and so now i wanted to take a quick moment to congratulate you on

quick moment to congratulate you on making it through this demo and hope

making it through this demo and hope that it has been extremely useful in

that it has been extremely useful in excelling your knowledge in deploying

excelling your knowledge in deploying and managing applications on app engine

and managing applications on app engine so just as a recap you've cloned the

so just as a recap you've cloned the repo to cloud shell you then deployed

repo to cloud shell you then deployed version one of your application into app

version one of your application into app engine you verified its launch and then

engine you verified its launch and then you deployed version two of the

you deployed version two of the application and verified its launch as

application and verified its launch as well you then migrated traffic from

well you then migrated traffic from version two over to version one and then

version two over to version one and then you went ahead and split traffic between

you went ahead and split traffic between both versions and allotted 50 of the

both versions and allotted 50 of the traffic allocation to each version and

traffic allocation to each version and so now before you go i want to make sure

so now before you go i want to make sure that we clean up any resources that

that we clean up any resources that we've deployed so that we don't incur

we've deployed so that we don't incur any unnecessary costs and so the way to

any unnecessary costs and so the way to do this is very simple so first step you

do this is very simple so first step you want to go over to the left hand menu

want to go over to the left hand menu and click on settings and simply click

and click on settings and simply click on disable application you're going to

on disable application you're going to be prompted to type in the app's id for

be prompted to type in the app's id for me it's bowtie inc so i'm going to type

me it's bowtie inc so i'm going to type that in and i'm going to click on

that in and i'm going to click on disable now unfortunately with app

disable now unfortunately with app engine you can't actually delete the

engine you can't actually delete the application it can only be disabled and

application it can only be disabled and so now here i'm going to hit the hot

so now here i'm going to hit the hot link to go over to the cloud storage

link to go over to the cloud storage bucket and as you can see here i have no

bucket and as you can see here i have no files but i'm going to move back to my

files but i'm going to move back to my buckets

buckets and i'm going to move into the staging

and i'm going to move into the staging bucket which is appended with your

bucket which is appended with your project id.appspot.com

project id.appspot.com and as you can see here there's a whole

and as you can see here there's a whole bunch of different files as well if i

bunch of different files as well if i drill down into the directory marked as

drill down into the directory marked as ae for app engine i can see here that i

ae for app engine i can see here that i have some more directories along with

have some more directories along with the manifest and so now if you want to

the manifest and so now if you want to keep your application in order to run it

keep your application in order to run it later you don't need to delete this

later you don't need to delete this bucket but because i don't need it i'm

bucket but because i don't need it i'm going to go ahead and delete the bucket

going to go ahead and delete the bucket hit delete paste in my bucket name hit

hit delete paste in my bucket name hit delete as well under us.artifacts

delete as well under us.artifacts you will find a directory called

you will find a directory called containers and as explained in the last

containers and as explained in the last lesson code build builds a container for

lesson code build builds a container for your application before deploying it to

your application before deploying it to app engine so i'm going to drill down

app engine so i'm going to drill down into images so here's all the container

into images so here's all the container digests and i don't need any of these so

digests and i don't need any of these so i'm gonna go ahead and delete this

i'm gonna go ahead and delete this bucket as well and so this is the last

bucket as well and so this is the last step in order to delete all the

step in order to delete all the directories and files that we use to

directories and files that we use to deploy our application in an app engine

deploy our application in an app engine okay and so i'm gonna head back on over

okay and so i'm gonna head back on over to app engine and so now that cleanup

to app engine and so now that cleanup has been taken care of that's pretty

has been taken care of that's pretty much all i wanted to cover in this demo

much all i wanted to cover in this demo for deploying and managing applications

for deploying and managing applications on app engine so you can now mark this

on app engine so you can now mark this as complete and i'll see you in the next

as complete and i'll see you in the next one and again congrats on a job well

one and again congrats on a job well done

done [Music]

[Music] welcome back in this lesson i will be

welcome back in this lesson i will be diving into another serverless product

diving into another serverless product from google cloud by the name of cloud

from google cloud by the name of cloud functions an extremely useful and

functions an extremely useful and advanced service that can be used with

advanced service that can be used with almost every service on the platform now

almost every service on the platform now there's quite a bit to cover here so

there's quite a bit to cover here so with that being said let's dive in now

with that being said let's dive in now cloud functions as i said before are a

cloud functions as i said before are a serverless execution environment and

serverless execution environment and what i mean by this is like app engine

what i mean by this is like app engine there is no need to provision any

there is no need to provision any servers or updating vms as the

servers or updating vms as the infrastructure is all handled by google

infrastructure is all handled by google but unlike app engine you will never see

but unlike app engine you will never see the servers so the provisioning of

the servers so the provisioning of resources happens when the code is

resources happens when the code is executed now cloud functions are a

executed now cloud functions are a function as a service offering and this

function as a service offering and this is where you upload code that is

is where you upload code that is purposefully written in a supported

purposefully written in a supported programming language and when your code

programming language and when your code is triggered it is executed in a fully

is triggered it is executed in a fully managed environment and your billed for

managed environment and your billed for when that code is executed cloud

when that code is executed cloud functions run in a runtime environment

functions run in a runtime environment and support many different runtimes like

and support many different runtimes like python java node.js go and net core

python java node.js go and net core cloud functions are event driven so when

cloud functions are event driven so when something happens in your environment

something happens in your environment you can choose whether or not you'd like

you can choose whether or not you'd like to respond to this event if you do then

to respond to this event if you do then your code can be executed in response to

your code can be executed in response to the event these triggers can be one of a

the event these triggers can be one of a few different types such as http

few different types such as http pub sub cloud storage and now firestore

pub sub cloud storage and now firestore and firebase which are in beta and have

and firebase which are in beta and have yet to be seen in the exam cloud

yet to be seen in the exam cloud functions are priced according to how

functions are priced according to how long your function runs and how many

long your function runs and how many resources you provision for your

resources you provision for your function if your function makes an

function if your function makes an outbound network request there are also

outbound network request there are also additional data transfer fees cloud

additional data transfer fees cloud functions also include a perpetual free

functions also include a perpetual free tier which allows you 2 million

tier which allows you 2 million invocations or executions of your

invocations or executions of your function now cloud functions themselves

function now cloud functions themselves are very simple but have a few steps to

are very simple but have a few steps to execute before actually running so i

execute before actually running so i wanted to give you a walkthrough on

wanted to give you a walkthrough on exactly how cloud functions work now

exactly how cloud functions work now after selecting the name and region you

after selecting the name and region you want your function to live in you would

want your function to live in you would then select the trigger you wish to use

then select the trigger you wish to use and you can choose from the many i

and you can choose from the many i listed earlier being http cloud storage

listed earlier being http cloud storage pub sub cloud firestore and firebase a

pub sub cloud firestore and firebase a trigger is a declaration that you are

trigger is a declaration that you are interested in a certain event or set of

interested in a certain event or set of events binding a function to a trigger

events binding a function to a trigger allows you to capture and act on these

allows you to capture and act on these events authentication configuration is

events authentication configuration is the next step and can be selected with

the next step and can be selected with public access

public access or configured through iam now there are

or configured through iam now there are some optional settings that can be

some optional settings that can be configured where you would provide the

configured where you would provide the amount of memory the function will need

amount of memory the function will need to run

to run networking preferences and even

networking preferences and even selection for a service account now once

selection for a service account now once all the settings have been solidified

all the settings have been solidified your written code can then be put into

your written code can then be put into the function now the functions code

the function now the functions code supports a variety of languages as

supports a variety of languages as stated before like python java node.js

stated before like python java node.js or go now when writing your code there

or go now when writing your code there are two distinct types of cloud

are two distinct types of cloud functions that you could use http

functions that you could use http functions and background functions with

functions and background functions with http functions you invoke them from

http functions you invoke them from standard http requests these http

standard http requests these http requests wait for the response and

requests wait for the response and support handling of common http request

support handling of common http request methods like get put

methods like get put post delete and options when you use

post delete and options when you use cloud functions a tls certificate is

cloud functions a tls certificate is automatically provisioned for you so all

automatically provisioned for you so all http functions can be invoked via a

http functions can be invoked via a secure connection now when it comes to

secure connection now when it comes to background functions

background functions these are used to handle events from

these are used to handle events from your gcp infrastructure such as messages

your gcp infrastructure such as messages on a pub sub topic or changes in a cloud

on a pub sub topic or changes in a cloud storage bucket now once you have put all

storage bucket now once you have put all this together you are ready to deploy

this together you are ready to deploy your code now there are two things that

your code now there are two things that will happen when deploying your code the

will happen when deploying your code the first one is the binding of your trigger

first one is the binding of your trigger to your function once you bind a trigger

to your function once you bind a trigger you cannot bind another one to the same

you cannot bind another one to the same function

function only one trigger can be bound to a

only one trigger can be bound to a function at a time now the second thing

function at a time now the second thing that will happen when you deploy your

that will happen when you deploy your function's source code to cloud

function's source code to cloud functions is that source code is stored

functions is that source code is stored in a cloud storage bucket as a zip file

in a cloud storage bucket as a zip file cloud build then automatically builds

cloud build then automatically builds your code into a container image that

your code into a container image that pushes that image to container registry

pushes that image to container registry cloud functions accesses this image when

cloud functions accesses this image when it needs to run the container to execute

it needs to run the container to execute your function the process of building

your function the process of building the image is entirely automatic and

the image is entirely automatic and requires no manual intervention and so

requires no manual intervention and so at this point of the process the

at this point of the process the building of your function is now

building of your function is now complete now that the function has been

complete now that the function has been created we now wait for an event to

created we now wait for an event to happen and events are things that happen

happen and events are things that happen within your cloud environment that you

within your cloud environment that you might want to take action on these might

might want to take action on these might be changes to data in cloud sql files

be changes to data in cloud sql files added to cloud storage or a new vm being

added to cloud storage or a new vm being created currently cloud functions

created currently cloud functions supports

supports events from the same services used for

events from the same services used for triggers that i have just mentioned

triggers that i have just mentioned including other google services like

including other google services like bigquery cloud sql and cloud spanner now

bigquery cloud sql and cloud spanner now when an event triggers the execution of

when an event triggers the execution of your cloud function

your cloud function data associated with the event is passed

data associated with the event is passed via the functions parameters the type of

via the functions parameters the type of event determines the parameters that are

event determines the parameters that are passed to your function cloud functions

passed to your function cloud functions handles incoming requests by assigning

handles incoming requests by assigning them to instances of your function now

them to instances of your function now depending on the volume of requests

depending on the volume of requests as well as the number of existing

as well as the number of existing function instances cloud functions may

function instances cloud functions may assign a request to an existing instance

assign a request to an existing instance or create a new one so the cloud

or create a new one so the cloud function will grab the image from cloud

function will grab the image from cloud registry and hand off the image along

registry and hand off the image along with the event data to the instance for

with the event data to the instance for processing now each instance of a

processing now each instance of a function handles only one concurrent

function handles only one concurrent request at a time this means that while

request at a time this means that while your code is processing one request

your code is processing one request there is no possibility of a second

there is no possibility of a second request being routed to the same

request being routed to the same instance thus the original request can

instance thus the original request can use the full amount of resources that

use the full amount of resources that you requested and this is the memory

you requested and this is the memory that you assign to your cloud function

that you assign to your cloud function when deploying it now to allow google to

when deploying it now to allow google to automatically manage and scale the

automatically manage and scale the functions they must be stateless

functions they must be stateless functions are not meant to be persistent

functions are not meant to be persistent nor is the data that is passed on to the

nor is the data that is passed on to the function and so once the function has

function and so once the function has run and all data has been processed by

run and all data has been processed by the server it is then passed on to

the server it is then passed on to either a vpc or to the internet now by

either a vpc or to the internet now by default functions have public internet

default functions have public internet access unless configured otherwise

access unless configured otherwise functions can also be private and used

functions can also be private and used within your vpc but must be configured

within your vpc but must be configured before deployment now there are so many

before deployment now there are so many use cases for cloud functions and there

use cases for cloud functions and there are many that have already been created

are many that have already been created by google for you to try out

by google for you to try out and can be located in the documentation

and can be located in the documentation that i've supplied in the lesson text

that i've supplied in the lesson text below now the exam doesn't go into too

below now the exam doesn't go into too much depth on cloud functions but i did

much depth on cloud functions but i did want to give you some exposure to this

want to give you some exposure to this fantastic serverless product from google

fantastic serverless product from google as it is so commonly used in many

as it is so commonly used in many production environments in a simple and

production environments in a simple and easy way to take in data process it and

easy way to take in data process it and return a result from any event you are

return a result from any event you are given and i have no doubt that once you

given and i have no doubt that once you get the hang of deploying them that you

get the hang of deploying them that you will be a huge fan of them as well and

will be a huge fan of them as well and so that's pretty much all i had to cover

so that's pretty much all i had to cover when it comes to cloud functions so you

when it comes to cloud functions so you can now mark this lesson as complete and

can now mark this lesson as complete and whenever you're ready join me in the

whenever you're ready join me in the next one where we go hands-on in the

next one where we go hands-on in the console creating and deploying your very

console creating and deploying your very first function

welcome back and in this demo we will be diving into creating and deploying our

diving into creating and deploying our very first cloud function we're going to

very first cloud function we're going to take a tour of all the options in the

take a tour of all the options in the console but we're going to do most of

console but we're going to do most of the work in cloud shell to get a good

the work in cloud shell to get a good feel for doing it in the command line so

feel for doing it in the command line so with that being said let's dive in and

with that being said let's dive in and so i'm logged in here as tony bowties

so i'm logged in here as tony bowties gmail.com

gmail.com and i'm in the project of bowtie inc and

and i'm in the project of bowtie inc and so the first thing i want to do is head

so the first thing i want to do is head on over to cloud functions in the

on over to cloud functions in the console so i'm going to go up to the top

console so i'm going to go up to the top left to the navigation menu and i'm

left to the navigation menu and i'm going to scroll down to cloud functions

going to scroll down to cloud functions and as you can see here cloud functions

and as you can see here cloud functions is getting ready and this is because

is getting ready and this is because we've never used it before and the api

we've never used it before and the api is being enabled okay and the api has

is being enabled okay and the api has been enabled and we can go ahead and

been enabled and we can go ahead and start creating our function so you can

start creating our function so you can go ahead and click create function and

go ahead and click create function and you will be prompted with some fields to

you will be prompted with some fields to fill out for the configuration of your

fill out for the configuration of your cloud function and so under basics for

cloud function and so under basics for function name i'm going to name this

function name i'm going to name this hello underscore world for region i'm

hello underscore world for region i'm going to select us east one and under

going to select us east one and under trigger for trigger type we're gonna

trigger for trigger type we're gonna keep this as http although if i click on

keep this as http although if i click on the drop down menu you can see that i

the drop down menu you can see that i will have options for cloud pub sub

will have options for cloud pub sub cloud storage and the ones that i

cloud storage and the ones that i mentioned before that are in beta so

mentioned before that are in beta so we're going to keep things as http and

we're going to keep things as http and here under url is the url for the actual

here under url is the url for the actual cloud function under authentication i

cloud function under authentication i have the option of choosing require

have the option of choosing require authentication or allow unauthenticated

authentication or allow unauthenticated invocations and as you can see this is

invocations and as you can see this is clearly marked saying that check this if

clearly marked saying that check this if you are creating a public api or website

you are creating a public api or website which we are and so this is the

which we are and so this is the authentication method that you want to

authentication method that you want to select and so now that we have all the

select and so now that we have all the fields filled out for the basic

fields filled out for the basic configuration i'm going to go ahead and

configuration i'm going to go ahead and click on save and just to give you a

click on save and just to give you a quick run through of what else is

quick run through of what else is available i'm going to click on the drop

available i'm going to click on the drop down here and this will give me access

down here and this will give me access to variables networking and advanced

to variables networking and advanced settings the first field here memory

settings the first field here memory allocated i can actually add more memory

allocated i can actually add more memory depending what i am doing with my cloud

depending what i am doing with my cloud function but i'm going to keep it as the

function but i'm going to keep it as the default if you have a cloud function

default if you have a cloud function that runs a little bit longer and you

that runs a little bit longer and you need more time to run the cloud function

need more time to run the cloud function you can add additional time for the

you can add additional time for the timeout and as well i have the option of

timeout and as well i have the option of choosing a different service account for

choosing a different service account for this cloud function and so moving on

this cloud function and so moving on under environment variables you will see

under environment variables you will see the options to add build environment

the options to add build environment variables along with runtime environment

variables along with runtime environment variables and the last option being

variables and the last option being connections here you can change the

connections here you can change the different networking settings for

different networking settings for ingress and egress traffic under ingress

ingress and egress traffic under ingress settings i can allow all traffic which

settings i can allow all traffic which is the default i can allow internal

is the default i can allow internal traffic only as well i can allow

traffic only as well i can allow internal traffic and traffic from cloud

internal traffic and traffic from cloud low balancing now as well when it comes

low balancing now as well when it comes to the egress settings as i said before

to the egress settings as i said before by default your cloud function is able

by default your cloud function is able to send requests to the internet but not

to send requests to the internet but not to resources in your vpc network and so

to resources in your vpc network and so this is where you would create a vpc

this is where you would create a vpc connector to send requests from your

connector to send requests from your cloud function to resources in your vpc

cloud function to resources in your vpc so if i click on create a connector

so if i click on create a connector it'll open up a new tab and bring me to

it'll open up a new tab and bring me to vpc network to add serverless vpc access

vpc network to add serverless vpc access and so i don't want to do that right now

and so i don't want to do that right now so i'm going to close down this tab and

so i'm going to close down this tab and i'm going to go ahead and leave

i'm going to go ahead and leave everything else as is and click on next

everything else as is and click on next and so now that the configuration is

and so now that the configuration is done i can dive right into the code and

done i can dive right into the code and so google cloud gives you a inline

so google cloud gives you a inline editor right here along with the

editor right here along with the different runtime environments so if i

different runtime environments so if i click on the drop down menu you can see

click on the drop down menu you can see i have the options

i have the options of net core go java node.js and python

of net core go java node.js and python 3.7 and 3.8 and so for this demo i'm

3.7 and 3.8 and so for this demo i'm going to keep it as node.js 10. the

going to keep it as node.js 10. the entry point will be hello world and i'm

entry point will be hello world and i'm going to keep the code exactly as is and

going to keep the code exactly as is and this is a default cloud function that is

this is a default cloud function that is packaged with any runtime whenever you

packaged with any runtime whenever you create a function from the console and

create a function from the console and so if i had any different code i can

so if i had any different code i can change it here but i'm not going to do

change it here but i'm not going to do that i'm going to leave everything else

that i'm going to leave everything else as is and click on deploy and it'll take

as is and click on deploy and it'll take a couple minutes here to create my cloud

a couple minutes here to create my cloud function and so i'm going to pause the

function and so i'm going to pause the video here for just a quick sec and i'll

video here for just a quick sec and i'll be back in a flash okay and my cloud

be back in a flash okay and my cloud function has been deployed and i got a

function has been deployed and i got a green check mark which means that i'm

green check mark which means that i'm all good and so i want to dive right

all good and so i want to dive right into it for just a second so i can get

into it for just a second so i can get some more details here i have the

some more details here i have the metrics for my cloud function the

metrics for my cloud function the invocations per second execution time

invocations per second execution time memory utilization and active instances

memory utilization and active instances i have my versions up here at the top

i have my versions up here at the top but since i only have one version only

but since i only have one version only one version shows up if i click on

one version shows up if i click on details it'll show me the general

details it'll show me the general information along with the networking

information along with the networking settings the source will show me the

settings the source will show me the code for this cloud function as well as

code for this cloud function as well as the variables the trigger permissions

the variables the trigger permissions logs and testing and here i can write in

logs and testing and here i can write in some code and test the function and so

some code and test the function and so in order for me to invoke this function

in order for me to invoke this function i can simply go to trigger and it'll

i can simply go to trigger and it'll show me the url but a quick way to do

show me the url but a quick way to do this through the command line is to

this through the command line is to simply open up cloud shell and make this

simply open up cloud shell and make this a little bigger for better viewing and

a little bigger for better viewing and i'm going to paste in the command gcloud

i'm going to paste in the command gcloud functions describe along with the

functions describe along with the function name which is hello underscore

function name which is hello underscore world along with the region flag dash

world along with the region flag dash dash region with the region that my

dash region with the region that my cloud function has been deployed in

cloud function has been deployed in which is us east one and i'm going to

which is us east one and i'm going to hit enter

hit enter it's going to ask me to authorize my api

it's going to ask me to authorize my api call yes i want to authorize it and this

call yes i want to authorize it and this command should output some information

command should output some information on your screen and so what we're looking

on your screen and so what we're looking for here is the http trigger which you

for here is the http trigger which you will find here under https trigger and

will find here under https trigger and it is the same as what you see here in

it is the same as what you see here in the console and so just know if you want

the console and so just know if you want to grab the http url trigger you can

to grab the http url trigger you can also do it from the command line and so

also do it from the command line and so i'm going to now trigger it by going to

i'm going to now trigger it by going to this url and you should see in the top

this url and you should see in the top left hand side of your screen hello

left hand side of your screen hello world not as exciting as spinning bow

world not as exciting as spinning bow ties but this example gives you an idea

ties but this example gives you an idea of what an http function can do and so

of what an http function can do and so i'm going to close down this tab and so

i'm going to close down this tab and so now what i want to do is i want to

now what i want to do is i want to deploy another function but i want to do

deploy another function but i want to do it now through the command line and so

it now through the command line and so i'm going to now quickly clear my screen

i'm going to now quickly clear my screen and so since i've already uploaded the

and so since i've already uploaded the code to the repo i'm going to simply

code to the repo i'm going to simply clone that repo and run it from here so

clone that repo and run it from here so i'm going to simply do a cd tilde to

i'm going to simply do a cd tilde to make sure i'm in my home directory for

make sure i'm in my home directory for those of you who haven't deleted the

those of you who haven't deleted the directory you can simply cd into it so

directory you can simply cd into it so i'm going to run cd google cloud

i'm going to run cd google cloud associate cloud engineer hit enter and

associate cloud engineer hit enter and i'm going to run a get pull command

i'm going to run a get pull command and it pull down all the files that i

and it pull down all the files that i needed i'm going to quickly clear my

needed i'm going to quickly clear my screen and so i'm going to change

screen and so i'm going to change directories into the directory that has

directories into the directory that has my code and so you're going to find it

my code and so you're going to find it under 11 serverless services under zero

under 11 serverless services under zero to you called hit enter and again i will

to you called hit enter and again i will have a link in the lesson text for the

have a link in the lesson text for the full instructions on this demo and it

full instructions on this demo and it will list the directory where you can

will list the directory where you can find this code okay so moving forward

find this code okay so moving forward i'm going to run ls and you should see

i'm going to run ls and you should see three files here

three files here main.py

main.py requirements.txt and the text file with

requirements.txt and the text file with the instructions and so now that i have

the instructions and so now that i have everything in place in order to deploy

everything in place in order to deploy my code i'm going to paste in the

my code i'm going to paste in the command to actually deploy my function

command to actually deploy my function which is gcloud functions deploy the

which is gcloud functions deploy the name of the function which is you

name of the function which is you underscore called the flag for the

underscore called the flag for the runtime dash dash runtime and the

runtime dash dash runtime and the runtime is going to be python 3.8 the

runtime is going to be python 3.8 the flag for the trigger which is going to

flag for the trigger which is going to be http and because i'm a nice guy and i

be http and because i'm a nice guy and i want everyone to have access to this i'm

want everyone to have access to this i'm going to tag it with the flag dash dash

going to tag it with the flag dash dash allow unauthenticated so i'm going to

allow unauthenticated so i'm going to hit enter okay and this function should

hit enter okay and this function should take a couple minutes to deploy so i'm

take a couple minutes to deploy so i'm going to sit here and let it cook and

going to sit here and let it cook and i'll be back before you can say cat in

i'll be back before you can say cat in the hat okay and our function has been

the hat okay and our function has been deployed i'm going to do a quick refresh

deployed i'm going to do a quick refresh here in the console and it deployed

here in the console and it deployed successfully as you can see the green

successfully as you can see the green check mark is here okay and so now that

check mark is here okay and so now that it's been deployed we want to trigger

it's been deployed we want to trigger our function and so because i just

our function and so because i just deployed this function the url trigger

deployed this function the url trigger is conveniently located here in my

is conveniently located here in my screen so you can go ahead and click on

screen so you can go ahead and click on it and hello lover of bow ties you

it and hello lover of bow ties you called now although this may be similar

called now although this may be similar to the hello world demo but i did add a

to the hello world demo but i did add a small feature that might spice things up

small feature that might spice things up and so if you go up to the url and you

and so if you go up to the url and you type in question mark name equals and

type in question mark name equals and your name and since my name is anthony

your name and since my name is anthony i'm going to type in anthony

i'm going to type in anthony hit enter and hello anthony you called

hit enter and hello anthony you called and so this is a perfect example of the

and so this is a perfect example of the many different ways you can use

many different ways you can use functions and although i've only

functions and although i've only highlighted some very simple

highlighted some very simple demonstrations there are many different

demonstrations there are many different ways that you can use functions such as

ways that you can use functions such as running pipelines running batch jobs and

running pipelines running batch jobs and even event driven security now although

even event driven security now although the exam doesn't go into too much depth

the exam doesn't go into too much depth on cloud functions it's always good to

on cloud functions it's always good to know its use cases and where its

know its use cases and where its strengths lie for when you do decide to

strengths lie for when you do decide to use it in your role as a cloud engineer

use it in your role as a cloud engineer now before you go be sure to delete all

now before you go be sure to delete all the resources you've created by deleting

the resources you've created by deleting the functions and the storage buckets

the functions and the storage buckets that house the code for the cloud

that house the code for the cloud functions and i will walk you through

functions and i will walk you through the steps right now okay so first i'm

the steps right now okay so first i'm going to close down this tab and next

going to close down this tab and next you're going to select all the functions

you're going to select all the functions and you're going to simply click on

and you're going to simply click on delete you're going to get a prompt to

delete you're going to get a prompt to delete the functions you're going to

delete the functions you're going to click on delete and it's going to take a

click on delete and it's going to take a minute or two and the functions are

minute or two and the functions are deleted i'm going to close down my cloud

deleted i'm going to close down my cloud shell and i'm going to head over to

shell and i'm going to head over to cloud storage

cloud storage and as you can see here both these

and as you can see here both these buckets that start with gcf standing for

buckets that start with gcf standing for google cloud functions can be safely

google cloud functions can be safely deleted as inside them are the files

deleted as inside them are the files that were used for the cloud function so

that were used for the cloud function so i'm going to go back out i'm going to

i'm going to go back out i'm going to select both of these and i'm going to

select both of these and i'm going to click on delete you get a prompt to

click on delete you get a prompt to delete two buckets you can simply type

delete two buckets you can simply type in delete and click on delete and the

in delete and click on delete and the buckets have now been deleted and you've

buckets have now been deleted and you've pretty much finished your cleanup and so

pretty much finished your cleanup and so just as a recap you created a default

just as a recap you created a default cloud function that was available from

cloud function that was available from the console and then verified it by

the console and then verified it by triggering the http url you then

triggering the http url you then deployed another function from the

deployed another function from the command line by pulling the code from

command line by pulling the code from the repo and using it for deployment and

the repo and using it for deployment and then you verified that function by

then you verified that function by triggering it using the http url as well

triggering it using the http url as well and then you modify the url for a

and then you modify the url for a different output great job on another

different output great job on another successful demo so you can now mark this

successful demo so you can now mark this as complete and let's move on to the

as complete and let's move on to the next one

next one [Music]

[Music] welcome back in this lesson we're going

welcome back in this lesson we're going to dive into cloud storage the go to

to dive into cloud storage the go to storage service from google cloud if

storage service from google cloud if you're an engineer working in google

you're an engineer working in google cloud you've probably used this many

cloud you've probably used this many times as a storage solution and if you

times as a storage solution and if you haven't this is definitely a service

haven't this is definitely a service that you will need to know for both the

that you will need to know for both the exam and your day-to-day role as a cloud

exam and your day-to-day role as a cloud engineer now there's quite a bit to

engineer now there's quite a bit to cover here so with that being said let's

cover here so with that being said let's dive in now cloud storage is a

dive in now cloud storage is a consistent scalable large capacity

consistent scalable large capacity highly durable object storage and this

highly durable object storage and this is unlimited storage for objects with no

is unlimited storage for objects with no minimum object size but please remember

minimum object size but please remember that this is object storage and is not

that this is object storage and is not designed to store an operating system on

designed to store an operating system on but to store whole objects like pictures

but to store whole objects like pictures or videos cloud storage has worldwide

or videos cloud storage has worldwide accessibility and worldwide storage

accessibility and worldwide storage locations so anywhere that there is a

locations so anywhere that there is a region or zone cloud storage is

region or zone cloud storage is available from there and can be accessed

available from there and can be accessed at any time through an internet

at any time through an internet connection cloud storage is great for

connection cloud storage is great for storing data from data analytics jobs

storing data from data analytics jobs text files with code pictures of the

text files with code pictures of the latest fashion from paris and videos of

latest fashion from paris and videos of your favorite house dj at the shelter

your favorite house dj at the shelter cloud storage excels for content

cloud storage excels for content delivery big data sets and backups and

delivery big data sets and backups and are all stored as objects in buckets and

are all stored as objects in buckets and this is the heart of cloud storage that

this is the heart of cloud storage that i will be diving into so starting with

i will be diving into so starting with buckets these are the basic containers

buckets these are the basic containers or construct that holds your data

or construct that holds your data everything that you store in cloud

everything that you store in cloud storage must be contained in a bucket

storage must be contained in a bucket you can use buckets to organize your

you can use buckets to organize your data and control access to your data but

data and control access to your data but unlike directories and folders you

unlike directories and folders you cannot nest buckets and i'll get into

cannot nest buckets and i'll get into that in just a minute now when you

that in just a minute now when you create a bucket you must specify a

create a bucket you must specify a globally unique name as every bucket

globally unique name as every bucket resides in a single cloud storage

resides in a single cloud storage namespace as well as a name you must

namespace as well as a name you must specify a geographic location where the

specify a geographic location where the bucket and its contents are stored and

bucket and its contents are stored and you have three available geography

you have three available geography choices to choose from from region dual

choices to choose from from region dual region and multi-region and so just as a

region and multi-region and so just as a note choosing dual region and

note choosing dual region and multi-region is considered geo-redundant

multi-region is considered geo-redundant for dual region geo-redundancy is

for dual region geo-redundancy is achieved using a specific pair of

achieved using a specific pair of regions for multi-region geo-redundancy

regions for multi-region geo-redundancy is achieved using a continent that

is achieved using a continent that contains two or more geographic places

contains two or more geographic places basically the more regions your data is

basically the more regions your data is available in the greater your

available in the greater your availability for that data after you've

availability for that data after you've chosen a geographic location a default

chosen a geographic location a default storage class must be chosen and this

storage class must be chosen and this applies to objects added to the bucket

applies to objects added to the bucket that don't have a storage class

that don't have a storage class explicitly specified and i'll be diving

explicitly specified and i'll be diving into storage classes in just a bit and

into storage classes in just a bit and so after you create a bucket you can

so after you create a bucket you can still change its default storage class

still change its default storage class to any class supported in the buckets

to any class supported in the buckets location with some stipulations

location with some stipulations you can only change the bucket name

you can only change the bucket name and location by deleting and recreating

and location by deleting and recreating the bucket as well once dual region is

the bucket as well once dual region is selected it cannot be changed to

selected it cannot be changed to multi-region and when selecting

multi-region and when selecting multi-region you will not be able to

multi-region you will not be able to change the bucket to be dual region and

change the bucket to be dual region and lastly you will need to choose what

lastly you will need to choose what level of access you want others to have

level of access you want others to have on your bucket whether you want to apply

on your bucket whether you want to apply permissions using uniform or fine

permissions using uniform or fine grained access uniform bucket level

grained access uniform bucket level access allows you to use iam alone to

access allows you to use iam alone to manage permissions iam applies

manage permissions iam applies permissions to all the objects contained

permissions to all the objects contained inside the bucket or groups of objects

inside the bucket or groups of objects with common name prefixes the find green

with common name prefixes the find green option enables you to use iam and access

option enables you to use iam and access control lists or acls

control lists or acls together to manage permissions acls are

together to manage permissions acls are a legacy access control system for cloud

a legacy access control system for cloud storage designed for interoperability

storage designed for interoperability with amazon s3 for those of you who use

with amazon s3 for those of you who use aws you can specify access and apply

aws you can specify access and apply permissions at both the bucket level and

permissions at both the bucket level and per individual object and i will also be

per individual object and i will also be diving more into depth with access

diving more into depth with access control

control in just a bit and just as a note labels

in just a bit and just as a note labels are an optional item for bucket creation

are an optional item for bucket creation like every other resource creation

like every other resource creation process in gcp now that we've covered

process in gcp now that we've covered buckets i wanted to cover what is stored

buckets i wanted to cover what is stored in those buckets which is objects and

in those buckets which is objects and objects are the individual pieces of

objects are the individual pieces of data or data chunks that you store in a

data or data chunks that you store in a cloud storage bucket and there is no

cloud storage bucket and there is no limit on the number of objects that you

limit on the number of objects that you can create in a bucket so you can think

can create in a bucket so you can think of objects kind of like files objects

of objects kind of like files objects have two components object data and

have two components object data and object metadata

object metadata object data is typically a file that you

object data is typically a file that you want to store in cloud storage and in

want to store in cloud storage and in this case it is the picture of the plaid

this case it is the picture of the plaid bow tie and object metadata is a

bow tie and object metadata is a collection of name value pairs that

collection of name value pairs that describe the various properties of that

describe the various properties of that object an object's name is treated as a

object an object's name is treated as a piece of object metadata in cloud

piece of object metadata in cloud storage and must be unique within the

storage and must be unique within the bucket cloud storage uses a flat

bucket cloud storage uses a flat namespace to store objects which means

namespace to store objects which means that cloud storage isn't a file system

that cloud storage isn't a file system hierarchy but sees all objects in a

hierarchy but sees all objects in a given bucket as independent with no

given bucket as independent with no relationship towards each other for

relationship towards each other for convenience

convenience tools such as the console and gsutil

tools such as the console and gsutil work with objects that use the slash

work with objects that use the slash character as if they were stored in a

character as if they were stored in a virtual hierarchy for example you can

virtual hierarchy for example you can name one object slash bow ties slash

name one object slash bow ties slash spring 2021 slash plaid bowtie.jpg when

spring 2021 slash plaid bowtie.jpg when using the cloud console you can then

using the cloud console you can then navigate to these objects as if they

navigate to these objects as if they were in a hierarchical directory

were in a hierarchical directory structure under the folders bow ties and

structure under the folders bow ties and spring 2021 now i mentioned before that

spring 2021 now i mentioned before that the part of the bucket creation is the

the part of the bucket creation is the selection of a storage class the storage

selection of a storage class the storage class you set for an object affects the

class you set for an object affects the object's availability and pricing model

object's availability and pricing model so when you create a bucket you can

so when you create a bucket you can specify a default storage class for the

specify a default storage class for the bucket when you add objects to the

bucket when you add objects to the bucket they inherit this storage class

bucket they inherit this storage class unless explicitly set otherwise now i

unless explicitly set otherwise now i wanted to touch on these four storage

wanted to touch on these four storage classes now to give you a better

classes now to give you a better understanding of the differences between

understanding of the differences between them the first one is standard storage

them the first one is standard storage and is considered best for hot data or

and is considered best for hot data or frequently accessed data and is best for

frequently accessed data and is best for short-term use as it does not have any

short-term use as it does not have any specified storage duration and this is

specified storage duration and this is excellent for use in analytical

excellent for use in analytical workloads and transcoding and the price

workloads and transcoding and the price for this storage class comes in at two

for this storage class comes in at two cents per gigabyte per month next up is

cents per gigabyte per month next up is near line storage and this is considered

near line storage and this is considered hot data as well and is a low-cost

hot data as well and is a low-cost storage class for storing in frequently

storage class for storing in frequently accessed data nearline storage has a

accessed data nearline storage has a slightly lower availability a 30-day

slightly lower availability a 30-day minimum storage duration and comes with

minimum storage duration and comes with the cost for data access nearline

the cost for data access nearline storage is ideal if you're looking to

storage is ideal if you're looking to continuously add files but only plan to

continuously add files but only plan to access them once a month and is perfect

access them once a month and is perfect for data backup and data archiving the

for data backup and data archiving the price for this storage class comes in at

price for this storage class comes in at a penny per gigabyte per month now cold

a penny per gigabyte per month now cold line storage is considered cold data as

line storage is considered cold data as it enters into more of the longer term

it enters into more of the longer term storage classes and is a very low cost

storage classes and is a very low cost storage class for storing and frequently

storage class for storing and frequently accessed data it comes with slightly

accessed data it comes with slightly lower availability than nearline storage

lower availability than nearline storage a 90-day minimum storage duration and

a 90-day minimum storage duration and comes with the cost for data access that

comes with the cost for data access that is higher than the retrieval cost for

is higher than the retrieval cost for nearline storage coldline storage is

nearline storage coldline storage is ideal for data you plan to read or

ideal for data you plan to read or modify at most once a quarter and is

modify at most once a quarter and is perfect for data backup and data

perfect for data backup and data archiving the price for this storage

archiving the price for this storage class comes in at less than half of a

class comes in at less than half of a penny per gigabyte per month and finally

penny per gigabyte per month and finally archive storage is the lowest cost

archive storage is the lowest cost highly durable storage service for data

highly durable storage service for data archiving online backup and disaster

archiving online backup and disaster recovery and even coming in at a lowest

recovery and even coming in at a lowest cost the data access is still available

cost the data access is still available within milliseconds archive storage

within milliseconds archive storage comes in at a higher cost for data

comes in at a higher cost for data retrieval as well as a

retrieval as well as a day minimum storage duration and is the

day minimum storage duration and is the best choice for data that you plan to

best choice for data that you plan to access less than once a year archive

access less than once a year archive storage also comes with the highest

storage also comes with the highest price for data retrieval and it is ideal

price for data retrieval and it is ideal for archive data storage that's used for

for archive data storage that's used for regulatory purposes or disaster recovery

regulatory purposes or disaster recovery data in the event that there is an

data in the event that there is an oopsies in your environment the price of

oopsies in your environment the price of the storage class comes in at a

the storage class comes in at a ridiculously low price per gigabyte per

ridiculously low price per gigabyte per month at a fraction of a penny per

month at a fraction of a penny per gigabyte per month now when it comes to

gigabyte per month now when it comes to choosing your geographic location this

choosing your geographic location this will determine the availability of your

will determine the availability of your data here as you can see the highest

data here as you can see the highest availability is the standard

availability is the standard multi-region whereas archive has the

multi-region whereas archive has the lowest availability when stored in a

lowest availability when stored in a regional setting now when it comes to

regional setting now when it comes to the durability of your data meaning the

the durability of your data meaning the measurement of how healthy and resilient

measurement of how healthy and resilient your data is from data loss or data

your data is from data loss or data corruption google cloud boasts 11 9's

corruption google cloud boasts 11 9's durability annually on all data stored

durability annually on all data stored in any storage class on cloud storage so

in any storage class on cloud storage so know that your data is stored safely and

know that your data is stored safely and will be there holding the same integrity

will be there holding the same integrity from the day you stored it now when it

from the day you stored it now when it comes to granting permissions to your

comes to granting permissions to your cloud storage buckets and the objects

cloud storage buckets and the objects within them there are four different

within them there are four different options to choose from the first is iam

options to choose from the first is iam permissions and these are the standard

permissions and these are the standard permissions that control all your other

permissions that control all your other resources in google cloud and follow the

resources in google cloud and follow the same top-down hierarchy that we

same top-down hierarchy that we discussed earlier the next available

discussed earlier the next available option are access control list or acls

option are access control list or acls and these define who has access to your

and these define who has access to your buckets and objects as well as what type

buckets and objects as well as what type of access they have and these can work

of access they have and these can work in tandem with im permissions moving on

in tandem with im permissions moving on to sign urls these are time limited

to sign urls these are time limited reader write access urls that can be

reader write access urls that can be created by you to give access to the

created by you to give access to the object in question for the duration that

object in question for the duration that you specify and lastly is sign policy

you specify and lastly is sign policy documents and these are documents to

documents and these are documents to specify what can be uploaded to a bucket

specify what can be uploaded to a bucket and i will be going into each one of

and i will be going into each one of these in a bit of detail now cloud

these in a bit of detail now cloud storage offers two systems for granting

storage offers two systems for granting users permission to access your buckets

users permission to access your buckets and objects iam and access control lists

and objects iam and access control lists these systems act in parallel in order

these systems act in parallel in order for a user to access a cloud storage

for a user to access a cloud storage resource only one of the systems needs

resource only one of the systems needs to grant the user permission im is

to grant the user permission im is always the recommended method when it

always the recommended method when it comes to giving access to buckets and

comes to giving access to buckets and the objects within those buckets

the objects within those buckets granting roles at the bucket level does

granting roles at the bucket level does not affect any existing roles that you

not affect any existing roles that you granted at the project level and vice

granted at the project level and vice versa giving you two levels of

versa giving you two levels of granularity to customize your

granularity to customize your permissions so for instance you can give

permissions so for instance you can give a user permission to read objects in any

a user permission to read objects in any bucket but permissions to create objects

bucket but permissions to create objects only in one specific bucket the roles

only in one specific bucket the roles that are available through iam are the

that are available through iam are the primitive standard storage roles or the

primitive standard storage roles or the legacy roles which are equivalent to

legacy roles which are equivalent to acls now acls are there if you need to

acls now acls are there if you need to customize access and really get granular

customize access and really get granular with individual objects within a bucket

with individual objects within a bucket and are used to define who has access to

and are used to define who has access to your buckets and objects as well as what

your buckets and objects as well as what level of access they have each acl

level of access they have each acl consists of one or more entries and

consists of one or more entries and gives a specific user or group the

gives a specific user or group the ability to perform specific actions each

ability to perform specific actions each entry consists of two pieces of

entry consists of two pieces of information a permission which defines

information a permission which defines what actions can be performed and a

what actions can be performed and a scope which defines who can perform the

scope which defines who can perform the specified actions now acls should be

specified actions now acls should be used with caution as iam roles and acls

used with caution as iam roles and acls overlap cloud storage will grant a

overlap cloud storage will grant a broader permission so if you allow

broader permission so if you allow specific users access to an object in a

specific users access to an object in a bucket and then an acl is applied to

bucket and then an acl is applied to that object to make it public then it

that object to make it public then it will be publicly accessible so please be

will be publicly accessible so please be aware now a signed url is a url that

aware now a signed url is a url that provides limited permission and time to

provides limited permission and time to make a request sign urls contain

make a request sign urls contain authentication information allowing

authentication information allowing users without credentials to perform

users without credentials to perform specific actions on a resource when you

specific actions on a resource when you generate a signed url you specify a user

generate a signed url you specify a user or service account which must have

or service account which must have sufficient permission to make the

sufficient permission to make the request that the sign url will make

request that the sign url will make after you generate a signed url anyone

after you generate a signed url anyone who possesses it can use the sign url to

who possesses it can use the sign url to perform specified actions such as

perform specified actions such as reading an object within a specified

reading an object within a specified period of time now if you want to

period of time now if you want to provide public access to a user who

provide public access to a user who doesn't have an account you can provide

doesn't have an account you can provide a signed url to that user which gives

a signed url to that user which gives the user read write or delete access to

the user read write or delete access to that resource for a limited time you

that resource for a limited time you specify an expiration date when you

specify an expiration date when you create the sign url so anyone who knows

create the sign url so anyone who knows the url can access the resource until

the url can access the resource until the expiration time for the url is

the expiration time for the url is reached or the key used to sign the url

reached or the key used to sign the url is rotated and the command to create the

is rotated and the command to create the sign url is shown here and as you can

sign url is shown here and as you can see has been assigned for a limited time

see has been assigned for a limited time of 10 minutes so as you've seen when it

of 10 minutes so as you've seen when it comes to cloud storage there are so many

comes to cloud storage there are so many configuration options to choose from and

configuration options to choose from and lots of different ways to store and give

lots of different ways to store and give access and this makes this resource from

access and this makes this resource from google cloud such a flexible option and

google cloud such a flexible option and full of great potential for many

full of great potential for many different types of workloads this is

different types of workloads this is also a service that comes up a lot in

also a service that comes up a lot in the exam as one of the many different

the exam as one of the many different storage options to choose from and so

storage options to choose from and so knowing the features storage classes

knowing the features storage classes pricing and access options will

pricing and access options will definitely give you a leg up when you

definitely give you a leg up when you are presented with questions regarding

are presented with questions regarding storage and so that's pretty much all i

storage and so that's pretty much all i wanted to cover when it comes to this

wanted to cover when it comes to this overview on cloud storage so you can now

overview on cloud storage so you can now mark this lesson as complete and let's

mark this lesson as complete and let's move on to the next one

move on to the next one [Music]

[Music] welcome back and in this lesson i will

welcome back and in this lesson i will be covering object versioning and life

be covering object versioning and life cycle management a feature within cloud

cycle management a feature within cloud storage that is used to manage and sort

storage that is used to manage and sort through older files that need to be

through older files that need to be deleted along with files that are not in

deleted along with files that are not in high need of regular access knowing the

high need of regular access knowing the capabilities of these two features

capabilities of these two features can really help organize accumulated

can really help organize accumulated objects in storage buckets and cut down

objects in storage buckets and cut down on costs so without further ado let's

on costs so without further ado let's dive in now to understand a bit more

dive in now to understand a bit more about objects i wanted to dive into

about objects i wanted to dive into immutability and versioning now objects

immutability and versioning now objects are immutable which means that an

are immutable which means that an uploaded object cannot change throughout

uploaded object cannot change throughout its storage lifetime an object's storage

its storage lifetime an object's storage lifetime is the time between a

lifetime is the time between a successful object creation or upload and

successful object creation or upload and successful object deletion this means

successful object deletion this means that you cannot edit objects in place

that you cannot edit objects in place instead objects are always replaced with

instead objects are always replaced with a new version so after the upload of the

a new version so after the upload of the new object completes the new version of

new object completes the new version of the object is served to readers this

the object is served to readers this replacement marks the end of one

replacement marks the end of one object's life cycle and the beginning of

object's life cycle and the beginning of a new one now to support the retrieval

a new one now to support the retrieval of objects that are deleted or replaced

of objects that are deleted or replaced cloud storage offers the object

cloud storage offers the object versioning feature object versioning

versioning feature object versioning retains a non-current object version

retains a non-current object version when the live object version gets

when the live object version gets replaced or deleted enabling object

replaced or deleted enabling object versioning increases storage costs which

versioning increases storage costs which can be partially mitigated by

can be partially mitigated by configuring object lifecycle management

configuring object lifecycle management to delete older object versions but more

to delete older object versions but more on that in just a bit cloud storage uses

on that in just a bit cloud storage uses two properties that together identify

two properties that together identify the version of an object the generation

the version of an object the generation which identifies the version of the

which identifies the version of the object's data

object's data and the meta generation which identifies

and the meta generation which identifies the version of the object's metadata

the version of the object's metadata these properties are always present with

these properties are always present with every version of the object even if

every version of the object even if object versioning is not enabled these

object versioning is not enabled these properties can be used to enforce

properties can be used to enforce ordering of updates so in order to

ordering of updates so in order to enable object versioning you would do

enable object versioning you would do that by enabling it on a bucket once

that by enabling it on a bucket once enabled older versions remain in your

enabled older versions remain in your bucket when a replacement or deletion

bucket when a replacement or deletion occurs so by default when you replace an

occurs so by default when you replace an object cloud storage deletes the old

object cloud storage deletes the old version and adds a new version these

version and adds a new version these older versions retain the name of the

older versions retain the name of the object but are uniquely identified by

object but are uniquely identified by their generation number when object

their generation number when object versioning has created an older version

versioning has created an older version of an object you can use the generation

of an object you can use the generation number to refer to the older version

number to refer to the older version this allows you to restore a replaced

this allows you to restore a replaced object in your bucket or permanently

object in your bucket or permanently delete older object versions that you no

delete older object versions that you no longer need and so touching back on cost

longer need and so touching back on cost for just a minute these versions can

for just a minute these versions can really add up and start costing you some

really add up and start costing you some serious money if you have thousands of

serious money if you have thousands of files with hundreds of versions and this

files with hundreds of versions and this is where life cycle management comes

is where life cycle management comes into play now cloud storage offers the

into play now cloud storage offers the object lifecycle management feature in

object lifecycle management feature in order to support some common use cases

order to support some common use cases like setting a time to live or ttl for

like setting a time to live or ttl for objects

objects retaining non-current versions of

retaining non-current versions of objects or downgrading storage classes

objects or downgrading storage classes of objects to help manage costs now in

of objects to help manage costs now in order to apply this feature to your

order to apply this feature to your objects you would assign a lifecycle

objects you would assign a lifecycle management configuration to a bucket the

management configuration to a bucket the configuration contains a set of rules

configuration contains a set of rules which apply to current and feature

which apply to current and feature objects in the bucket when an object

objects in the bucket when an object meets the criteria of one of the rules

meets the criteria of one of the rules cloud storage automatically performs the

cloud storage automatically performs the specified action on the object and so

specified action on the object and so some example use cases are shown here so

some example use cases are shown here so if you're looking to downgrade the

if you're looking to downgrade the storage class

storage class of objects older than 365 days to cold

of objects older than 365 days to cold line storage for compliance purposes

line storage for compliance purposes along with saving money life cycle

along with saving money life cycle management is perfect for this another

management is perfect for this another use case is when you want to delete

use case is when you want to delete objects created before january 1st of

objects created before january 1st of 2020 and this is another great use case

2020 and this is another great use case to save money as well with keeping only

to save money as well with keeping only the three most recent versions of each

the three most recent versions of each object in a bucket with versioning

object in a bucket with versioning enabled to keep from version objects

enabled to keep from version objects building up object lifecycle management

building up object lifecycle management has so many other use cases across a

has so many other use cases across a myriad of industries and when used

myriad of industries and when used correctly is a great way to achieve

correctly is a great way to achieve object management along with saving

object management along with saving money now i wanted to take a moment to

money now i wanted to take a moment to dive into the lifecycle management

dive into the lifecycle management configuration each lifecycle management

configuration each lifecycle management configuration contains a set of

configuration contains a set of components these are a set of rules

components these are a set of rules conditions and the action when the

conditions and the action when the conditions are met rules are any set of

conditions are met rules are any set of conditions for any action conditions is

conditions for any action conditions is something an object must meet before the

something an object must meet before the action defined in the rule occurs on the

action defined in the rule occurs on the object and there are various conditions

object and there are various conditions to choose from that allows you to get

to choose from that allows you to get pretty granular and finally the action

pretty granular and finally the action which is where you would have the option

which is where you would have the option to delete or set storage class now when

to delete or set storage class now when you delete current versions this will

you delete current versions this will move the current version into a

move the current version into a non-current state and when you delete a

non-current state and when you delete a non-current version you will permanently

non-current version you will permanently delete the version and cannot get it

delete the version and cannot get it back and so when you set the storage

back and so when you set the storage class it will transition the object to a

class it will transition the object to a different storage class so when defining

different storage class so when defining a rule you can specify any set of

a rule you can specify any set of conditions for any action if you specify

conditions for any action if you specify multiple conditions in a rule an object

multiple conditions in a rule an object has to match all of the conditions for

has to match all of the conditions for the action to be taken so if you have

the action to be taken so if you have three conditions and one of those

three conditions and one of those conditions have not been met then the

conditions have not been met then the action will not take place if you

action will not take place if you specify multiple rules that contain the

specify multiple rules that contain the same action the action is taken when an

same action the action is taken when an object matches the conditions in any of

object matches the conditions in any of these rules now if multiple rules have

these rules now if multiple rules have their conditions satisfied

their conditions satisfied simultaneously for a single object cloud

simultaneously for a single object cloud storage will either perform the delete

storage will either perform the delete action as it takes precedence over the

action as it takes precedence over the set storage class action or the set

set storage class action or the set storage class action that switches the

storage class action that switches the object to the storage class with the

object to the storage class with the lowest at rest storage pricing takes

lowest at rest storage pricing takes precedence so for example if you have

precedence so for example if you have one rule that deletes an object and

one rule that deletes an object and another rule that changes the object

another rule that changes the object storage class but both rules use the

storage class but both rules use the exact same condition the delete action

exact same condition the delete action always occurs when the condition is met

always occurs when the condition is met or if you have one rule that changes the

or if you have one rule that changes the object storage class to near line

object storage class to near line storage and another rule that changes

storage and another rule that changes the object storage class to cold line

the object storage class to cold line storage but both rules use the exact

storage but both rules use the exact same condition the object storage class

same condition the object storage class always changes to cold line storage when

always changes to cold line storage when the condition is met and so some

the condition is met and so some considerations that i wanted to point

considerations that i wanted to point out when it comes to cloud storage is

out when it comes to cloud storage is that when it comes to object life cycle

that when it comes to object life cycle management

management changes are in accordance to object

changes are in accordance to object creation date as well once an object is

creation date as well once an object is deleted it cannot be undeleted so please

deleted it cannot be undeleted so please be careful when permanently deleting a

be careful when permanently deleting a version as well life cycle rules can

version as well life cycle rules can take up to 24 hours to take effect so be

take up to 24 hours to take effect so be aware when setting them and always be

aware when setting them and always be sure to test these life cycle rules in

sure to test these life cycle rules in development first before rolling them

development first before rolling them out into production and so that's pretty

out into production and so that's pretty much all i had to cover when it comes to

much all i had to cover when it comes to versioning and object life cycle

versioning and object life cycle management and so you can now mark this

management and so you can now mark this lesson as complete and whenever you're

lesson as complete and whenever you're ready join me in the console where we go

ready join me in the console where we go hands-on with versioning object life

hands-on with versioning object life cycle management and cloud storage as a

cycle management and cloud storage as a whole

whole [Music]

[Music] welcome back in this demo we're going to

welcome back in this demo we're going to cement the knowledge that we learned

cement the knowledge that we learned from the past couple lessons on cloud

from the past couple lessons on cloud storage and really dive into the nitty

storage and really dive into the nitty gritty when it comes to the features and

gritty when it comes to the features and configuration you're first going to

configuration you're first going to create a cloud storage bucket and upload

create a cloud storage bucket and upload some files to it and then interact with

some files to it and then interact with the bucket and the files using the

the bucket and the files using the console as well you're going to get your

console as well you're going to get your hands dirty using the gsutil command

hands dirty using the gsutil command line tool and this is the tool for

line tool and this is the tool for managing cloud storage from the command

managing cloud storage from the command line now there's quite a bit of work to

line now there's quite a bit of work to do here so with that being said let's

do here so with that being said let's dive in and so i am logged in here as

dive in and so i am logged in here as tony bowties at gmail.com along with

tony bowties at gmail.com along with being in project bowtie inc and so the

being in project bowtie inc and so the first thing i want to do is i want to

first thing i want to do is i want to create a cloud storage bucket so in

create a cloud storage bucket so in order for me to do that i'm going to

order for me to do that i'm going to head over to the navigation menu and i'm

head over to the navigation menu and i'm going to scroll down to storage

going to scroll down to storage and here i already have a couple of

and here i already have a couple of buckets that i created from earlier

buckets that i created from earlier lessons and you may have a couple

lessons and you may have a couple buckets as well but you're going to go

buckets as well but you're going to go ahead and create a new bucket by going

ahead and create a new bucket by going up to the top here and click on create

up to the top here and click on create bucket now i know that we've gone

bucket now i know that we've gone through this before in previous lessons

through this before in previous lessons but this time i wanted to go through all

but this time i wanted to go through all the configuration options that are

the configuration options that are available and so the first thing that

available and so the first thing that you're prompted to do here is to name

you're prompted to do here is to name your bucket as explained in an earlier

your bucket as explained in an earlier lesson it needs to be a globally unique

lesson it needs to be a globally unique name and so you can pick any name you

name and so you can pick any name you choose and so for me i'm going to call

choose and so for me i'm going to call this bucket bowtie inc dash 2021 i'm

this bucket bowtie inc dash 2021 i'm going to hit continue and if it wasn't a

going to hit continue and if it wasn't a globally unique name it would error out

globally unique name it would error out and you would have to enter in a new

and you would have to enter in a new name but since this bucket name is

name but since this bucket name is globally unique i'm able to move forward

globally unique i'm able to move forward for location type you can select from

for location type you can select from region dual region and multi region with

region dual region and multi region with multi region under location you can

multi region under location you can select from either the americas europe

select from either the americas europe or asia pacific and under dual region

or asia pacific and under dual region you have the options of again choosing

you have the options of again choosing from america's europe and asia pacific

from america's europe and asia pacific and you will be given the regions for

and you will be given the regions for each and so for this demo we're going to

each and so for this demo we're going to go ahead and choose region and we're

go ahead and choose region and we're going to keep the location as u.s east

going to keep the location as u.s east one and once you've selected that you

one and once you've selected that you can go ahead and hit continue and you're

can go ahead and hit continue and you're going to be prompted to choose a default

going to be prompted to choose a default storage class and here you have the

storage class and here you have the option of selecting from the four

option of selecting from the four storage classes that we discussed in an

storage classes that we discussed in an earlier lesson and so for this demo you

earlier lesson and so for this demo you can keep it as standard and simply click

can keep it as standard and simply click on continue and so here you're prompted

on continue and so here you're prompted to choose access control and because

to choose access control and because we're going to be diving into acls you

we're going to be diving into acls you can keep this as the default fine grain

can keep this as the default fine grain access control you can go ahead and

access control you can go ahead and click continue and under encryption you

click continue and under encryption you can keep it as the default google manage

can keep it as the default google manage key but know that you always have the

key but know that you always have the option of choosing a customer manage key

option of choosing a customer manage key and once you've uploaded your customer

and once you've uploaded your customer manage key you can select it from here

manage key you can select it from here and because i have no customer managed

and because i have no customer managed keys no other keys show up so i'm going

keys no other keys show up so i'm going to click on google manage keys and here

to click on google manage keys and here under retention policy i know i haven't

under retention policy i know i haven't touched into that but just to give you

touched into that but just to give you some context when placing a retention

some context when placing a retention policy on a bucket it ensures that all

policy on a bucket it ensures that all current and future objects in the bucket

current and future objects in the bucket can't be deleted or replaced until they

can't be deleted or replaced until they reach the age that you define in the

reach the age that you define in the retention policy so if you try to delete

retention policy so if you try to delete or replace objects where the age is less

or replace objects where the age is less than the retention period it will

than the retention period it will obviously fail and this is great for

obviously fail and this is great for compliance purposes in areas where logs

compliance purposes in areas where logs need to be audited by regulators every

need to be audited by regulators every year or where government required

year or where government required retention periods apply as well with the

retention periods apply as well with the retention policy you have the option of

retention policy you have the option of locking that retention policy and when

locking that retention policy and when you lock a retention policy on a bucket

you lock a retention policy on a bucket you prevent the policy from ever being

you prevent the policy from ever being removed or the retention period from

removed or the retention period from ever being reduced and this feature is

ever being reduced and this feature is irreversible so please be aware if

irreversible so please be aware if you're ever experimenting with lock

you're ever experimenting with lock retention policies so if i set a

retention policies so if i set a retention policy here i can retain

retention policy here i can retain objects for a certain amount of seconds

objects for a certain amount of seconds days months and years and for this demo

days months and years and for this demo we're not going to set any retention

we're not going to set any retention policies so i'm going to check that off

policies so i'm going to check that off and i'm going to go ahead and add a

and i'm going to go ahead and add a label with the key being environment and

label with the key being environment and the value being test and just as a note

the value being test and just as a note before you go ahead and click on create

before you go ahead and click on create over on the right hand side you will see

over on the right hand side you will see a monthly cost estimate and you will be

a monthly cost estimate and you will be given an estimate with storage and

given an estimate with storage and retrieval as well as how much it costs

retrieval as well as how much it costs for operations your sla and your

for operations your sla and your estimated monthly cost and so before

estimated monthly cost and so before creating any buckets you can always do a

creating any buckets you can always do a price check to see how much it'll cost

price check to see how much it'll cost for storage size retrieval to get a good

for storage size retrieval to get a good idea of how much it'll cost you monthly

idea of how much it'll cost you monthly okay so once you're all done here you

okay so once you're all done here you can simply click on create

can simply click on create and it'll go ahead and create your

and it'll go ahead and create your bucket and so now that your bucket is

bucket and so now that your bucket is created we want to add some files and so

created we want to add some files and so we first want to go into copying files

we first want to go into copying files from an instance to your cloud storage

from an instance to your cloud storage bucket and so in order to do that we

bucket and so in order to do that we need to create an instance and so we're

need to create an instance and so we're gonna go back over to the navigation

gonna go back over to the navigation menu we're gonna scroll down to compute

menu we're gonna scroll down to compute engine and we're gonna create our

engine and we're gonna create our instance and for those who do not have

instance and for those who do not have your default vpc set up please be sure

your default vpc set up please be sure to create one before going ahead and

to create one before going ahead and creating your instance i'm going to go

creating your instance i'm going to go ahead and click on create i'm going to

ahead and click on create i'm going to name this instance

name this instance bowtie instance going to give it a label

bowtie instance going to give it a label of environment test click on save

of environment test click on save the region is going to be

the region is going to be east one and you can keep the default

east one and you can keep the default zone as us east 1b the machine type

zone as us east 1b the machine type we're going to change it to e2micro and

we're going to change it to e2micro and you're going to scroll down to access

you're going to scroll down to access scopes and here your instance is going

scopes and here your instance is going to need access to your cloud storage

to need access to your cloud storage bucket and so it's going to need cloud

bucket and so it's going to need cloud storage access so you're going to click

storage access so you're going to click on set access for each api scroll down

on set access for each api scroll down to storage and for this demo we'll

to storage and for this demo we'll select full gonna leave everything else

select full gonna leave everything else as the default and simply click on

as the default and simply click on create and so we'll give it a couple

create and so we'll give it a couple minutes here for instance to create okay

minutes here for instance to create okay and my instance has been created and so

and my instance has been created and so now i want to create some files and copy

now i want to create some files and copy them over to cloud storage so i'm going

them over to cloud storage so i'm going to first navigate over to cloud storage

to first navigate over to cloud storage and into my bucket and this way you can

and into my bucket and this way you can see the files that you upload and so

see the files that you upload and so next you're going to open up cloud shell

next you're going to open up cloud shell and make this a little bigger for better

and make this a little bigger for better viewing and so now you're going to ssh

viewing and so now you're going to ssh into your instance by using the command

into your instance by using the command gcloud compute ssh along with your

gcloud compute ssh along with your instance name the zone flag dash dash

instance name the zone flag dash dash zone with the zone of us east 1b i'm

zone with the zone of us east 1b i'm going to go ahead and hit enter and you

going to go ahead and hit enter and you may be prompted with a message asking to

may be prompted with a message asking to authorize this api call and you want to

authorize this api call and you want to hit authorize and you're going to be

hit authorize and you're going to be prompted to enter a passphrase for your

prompted to enter a passphrase for your key pair enter it in again

key pair enter it in again and one more time

and one more time and success we're logged into the

and success we're logged into the instance i'm going to quickly clear my

instance i'm going to quickly clear my screen and so i know i could have sshed

screen and so i know i could have sshed into the instance from the compute

into the instance from the compute engine console but i wanted to display

engine console but i wanted to display both the console and the shell on the

both the console and the shell on the same screen to make viewing a bit easier

same screen to make viewing a bit easier as i add and remove files to and from

as i add and remove files to and from the bucket okay and so now that you're

the bucket okay and so now that you're logged in you want to create your first

logged in you want to create your first file that you can copy over to your

file that you can copy over to your bucket so you can enter in the command

bucket so you can enter in the command sudo nano file a bow ties dot text hit

sudo nano file a bow ties dot text hit enter and this will allow you to open up

enter and this will allow you to open up the nano editor to edit the file of

the nano editor to edit the file of bowties.txt and here you can enter in

bowties.txt and here you can enter in any message that you'd like for me i'm

any message that you'd like for me i'm going to enter in learning to tie a bow

going to enter in learning to tie a bow tie takes time okay and i'm going to hit

tie takes time okay and i'm going to hit ctrl o to save hit enter to verify the

ctrl o to save hit enter to verify the file name to right and ctrl x to exit

file name to right and ctrl x to exit and so now i want to copy this file up

and so now i want to copy this file up to my bucket and so here is where i'm

to my bucket and so here is where i'm going to use the gsutil command so i'm

going to use the gsutil command so i'm going to type in gsutil cp for copy the

going to type in gsutil cp for copy the name of the file which is file of

name of the file which is file of bowties

bowties text along with gs colon forward slash

text along with gs colon forward slash forward slash and the name of your

forward slash and the name of your bucket which in my case is bow tie ink

bucket which in my case is bow tie ink dash 2021 and this should copy my file

dash 2021 and this should copy my file file a bowties.txt up to my bucket of

file a bowties.txt up to my bucket of bow tie inc

bow tie inc 2021 i'm gonna hit enter

2021 i'm gonna hit enter okay and it's finished copying over and

okay and it's finished copying over and if i go up here to the top right and

if i go up here to the top right and click on refresh i can see that my file

click on refresh i can see that my file successfully uploaded and this is a

successfully uploaded and this is a great and easy method to upload any

great and easy method to upload any files that you may have to cloud storage

files that you may have to cloud storage okay and so now that you've copied files

okay and so now that you've copied files from your instance to your bucket you're

from your instance to your bucket you're going to now copy some files from the

going to now copy some files from the repo to be uploaded to cloud storage for

repo to be uploaded to cloud storage for our next step so you're gonna go ahead

our next step so you're gonna go ahead and exit out of the instance by just

and exit out of the instance by just simply typing in exit i'm gonna quickly

simply typing in exit i'm gonna quickly clear the screen and so here i need to

clear the screen and so here i need to clone my repo if you already have clone

clone my repo if you already have clone the repo then you can skip this step i'm

the repo then you can skip this step i'm going to cd tilde to make sure i'm in my

going to cd tilde to make sure i'm in my home directory i'm going to do an ls and

home directory i'm going to do an ls and so i can see here that i've already

so i can see here that i've already cloned my repo so i'm going to cd into

cloned my repo so i'm going to cd into that directory and i'm going to run the

that directory and i'm going to run the command git pull to get the latest files

command git pull to get the latest files fantastic i'm going to now clear my

fantastic i'm going to now clear my screen and i'm going to cd back to my

screen and i'm going to cd back to my home directory and so now i want to copy

home directory and so now i want to copy up the files that i want to work with to

up the files that i want to work with to my cloud storage bucket and they are two

my cloud storage bucket and they are two jpegs by the name of pink

jpegs by the name of pink elephant-bowtie as well as plaid bowtie

elephant-bowtie as well as plaid bowtie and these files can be found in the repo

and these files can be found in the repo marked 12 storage services under zero

marked 12 storage services under zero one cloud storage management and i will

one cloud storage management and i will be providing this in the lesson text as

be providing this in the lesson text as well as can be found in the instructions

well as can be found in the instructions and so i'm going to simply cd into that

and so i'm going to simply cd into that directory by typing in cd google cloud

directory by typing in cd google cloud associate cloud engineer 12 storage

associate cloud engineer 12 storage services and 0 1 cloud storage

services and 0 1 cloud storage management i'm going to list all the

management i'm going to list all the files in the directory and as you can

files in the directory and as you can see here pink elephant dash bow tie and

see here pink elephant dash bow tie and plaid bow tie are both here and so i'm

plaid bow tie are both here and so i'm going to quickly clear my screen and so

going to quickly clear my screen and so now for me to copy these files i'm going

now for me to copy these files i'm going to use the command gsutil

to use the command gsutil cp for copy star.jpg which is all the

cp for copy star.jpg which is all the jpegs that are available along with gs

jpegs that are available along with gs colon forward slash forward slash and

colon forward slash forward slash and the bucket name which is bow tie inc

the bucket name which is bow tie inc dash 2021 i'm going to hit enter and it

dash 2021 i'm going to hit enter and it says that it's successfully copied the

says that it's successfully copied the files i'm going to simply go up to the

files i'm going to simply go up to the top right hand corner and do another

top right hand corner and do another refresh and success the files have been

refresh and success the files have been successfully uploaded another perfect

successfully uploaded another perfect example of copying files from another

example of copying files from another source to your bucket using the gsutil

source to your bucket using the gsutil command line tool and so this is the end

command line tool and so this is the end of part one of this demo it was getting

of part one of this demo it was getting a bit long so i decided to break it up

a bit long so i decided to break it up and this would be a great opportunity

and this would be a great opportunity for you to get up and have a stretch get

for you to get up and have a stretch get yourself a coffee or tea and whenever

yourself a coffee or tea and whenever you're ready part two will be starting

you're ready part two will be starting immediately from the end of part one so

immediately from the end of part one so you can complete this video and i will

you can complete this video and i will see you in part two

see you in part two [Music]

[Music] this is part two of the managing cloud

this is part two of the managing cloud storage access demo and we'll be

storage access demo and we'll be starting exactly where we left off in

starting exactly where we left off in part 1. so with that being said let's

part 1. so with that being said let's dive in and so now that we've uploaded

dive in and so now that we've uploaded all these files we next want to make

all these files we next want to make this bucket publicly available now

this bucket publicly available now please know that leaving a bucket public

please know that leaving a bucket public is not common practice and should only

is not common practice and should only be used on the rare occasion that you

be used on the rare occasion that you are hosting a static website from your

are hosting a static website from your bucket and should always be kept private

bucket and should always be kept private whenever possible especially in a

whenever possible especially in a production environment so please note

production environment so please note that this is only for the purposes of

that this is only for the purposes of this demo and so i'm going to quickly

this demo and so i'm going to quickly show this to you in the console so i'm

show this to you in the console so i'm going to shut down the cloud shell for

going to shut down the cloud shell for just a minute and i'm going to go to the

just a minute and i'm going to go to the top menu and click on permissions and

top menu and click on permissions and under permissions i'm going to click on

under permissions i'm going to click on add here you can add new members and

add here you can add new members and because you want to make it publicly

because you want to make it publicly available you want to use the all users

available you want to use the all users member so you type in all and you should

member so you type in all and you should get a pop-up bringing up all users and

get a pop-up bringing up all users and all authenticated users you want to

all authenticated users you want to click on all users and the role that you

click on all users and the role that you want to select for this demo is going to

want to select for this demo is going to be storage object viewer so i'm going to

be storage object viewer so i'm going to type in storage object viewer and here

type in storage object viewer and here it should pop up and select that and

it should pop up and select that and then you can click on save you're going

then you can click on save you're going to be prompted to make sure that this is

to be prompted to make sure that this is what you want to do that you want to

what you want to do that you want to make this bucket public and so yes we do

make this bucket public and so yes we do so you can simply click on allow public

so you can simply click on allow public access and you will get a banner up here

access and you will get a banner up here at the top saying that this bucket is

at the top saying that this bucket is public to internet and is a great fail

public to internet and is a great fail safe to have in case you were to ever

safe to have in case you were to ever mistakenly make your bucket public and

mistakenly make your bucket public and if i head back over to objects you can

if i head back over to objects you can see that public access is available to

see that public access is available to all the files in the bucket and so just

all the files in the bucket and so just to verify this i'm going to copy the

to verify this i'm going to copy the public url for pink elephant dash bowtie

public url for pink elephant dash bowtie i'm going to open up a new tab paste in

i'm going to open up a new tab paste in the url hit enter and as you can see i

the url hit enter and as you can see i have public access to this picture and

have public access to this picture and close this tab and so now that we've

close this tab and so now that we've done our demo to make the bucket

done our demo to make the bucket publicly accessible we should go ahead

publicly accessible we should go ahead and remove public access so in order to

and remove public access so in order to remove public permissions i can simply

remove public permissions i can simply go up to permissions and simply click on

go up to permissions and simply click on remove public permissions i'm going to

remove public permissions i'm going to get a prompt to make sure this is

get a prompt to make sure this is exactly what i want to do and yes it is

exactly what i want to do and yes it is so you can click on remove public

so you can click on remove public permissions a very simple and elegant

permissions a very simple and elegant solution in order to remove public

solution in order to remove public access from your bucket and if you go

access from your bucket and if you go back to objects you'll see that all the

back to objects you'll see that all the public access has been removed from all

public access has been removed from all the files and so now that you've

the files and so now that you've experienced how to add public access to

experienced how to add public access to a bucket i wanted to get a little bit

a bucket i wanted to get a little bit more granular and so we're going to go

more granular and so we're going to go ahead and apply acl permissions for one

ahead and apply acl permissions for one specific object and because i like pink

specific object and because i like pink elephants let's go ahead and select pink

elephants let's go ahead and select pink elephant dash bow tie and so here i can

elephant dash bow tie and so here i can go up to the top menu and click on edit

go up to the top menu and click on edit permissions and i'll be prompted with a

permissions and i'll be prompted with a new window for permissions that are

new window for permissions that are currently available for this object you

currently available for this object you can click on add entry click on the drop

can click on add entry click on the drop down and select public from the

down and select public from the drop-down and it will automatically auto

drop-down and it will automatically auto populate the name which is all users and

populate the name which is all users and the access which will be reader i'm

the access which will be reader i'm going to go ahead and click on save and

going to go ahead and click on save and a public url will be generated and so

a public url will be generated and so just to verify this i'm going to click

just to verify this i'm going to click on the public url and success i now have

on the public url and success i now have public access to this picture yet once

public access to this picture yet once again i'm going to close down this tab

again i'm going to close down this tab and so now that you've configured this

and so now that you've configured this object for public access i want to show

object for public access i want to show you how to remove public access using

you how to remove public access using the command line this time so you're

the command line this time so you're going to go up to the top right hand

going to go up to the top right hand corner and open up cloud shell i'm going

corner and open up cloud shell i'm going to quickly clear my screen and i'm going

to quickly clear my screen and i'm going to paste in the command here which is

to paste in the command here which is gsutil acl ch for change minus d which

gsutil acl ch for change minus d which is delete the name of the user which is

is delete the name of the user which is all users and if this was a regular user

all users and if this was a regular user you could enter in their email address

you could enter in their email address along with gs colon forward slash

along with gs colon forward slash forward slash the bucket name which in

forward slash the bucket name which in my case is bow tie ink dash 2021 and the

my case is bow tie ink dash 2021 and the name of the file which is pink elephant

name of the file which is pink elephant bow tie dot jpeg i'm going to hit enter

bow tie dot jpeg i'm going to hit enter and it says that it's been successfully

and it says that it's been successfully updated and so if i go back up here to

updated and so if i go back up here to the console and i back out and go back

the console and i back out and go back into the file i can see here that the

into the file i can see here that the public url has been removed okay and now

public url has been removed okay and now there's one last step that we need to do

there's one last step that we need to do before ending this demo and this is to

before ending this demo and this is to create a signed url for the file so in

create a signed url for the file so in order to create a signed url we first

order to create a signed url we first need to create a private key and so

need to create a private key and so we're gonna do this using a service

we're gonna do this using a service account and so i'm gonna head on over to

account and so i'm gonna head on over to iam so i'm going to go up to the

iam so i'm going to go up to the navigation menu i'm going to go to i am

navigation menu i'm going to go to i am an admin and here with the menu on the

an admin and here with the menu on the left i'm going to click on service

left i'm going to click on service accounts here up at the top menu you're

accounts here up at the top menu you're going to click on create service account

going to click on create service account and under service account name you can

and under service account name you can enter in any name

enter in any name but for me i'm going to enter in signed

but for me i'm going to enter in signed url i'm going to leave everything else

url i'm going to leave everything else as is i'm going to simply click on

as is i'm going to simply click on create i'm going to close down cloud

create i'm going to close down cloud shell because i don't really need it

shell because i don't really need it right now just select a role and i'm

right now just select a role and i'm going to give it the role of storage

going to give it the role of storage object viewer

object viewer i'm going to click on continue and i'm

i'm going to click on continue and i'm going to leave the rest blank and simply

going to leave the rest blank and simply click on done and you should see a

click on done and you should see a service account with the name of signed

service account with the name of signed url and so in order to create a key i'm

url and so in order to create a key i'm going to simply go over to actions and

going to simply go over to actions and i'm going to click on the three dots and

i'm going to click on the three dots and i'm going to select create key from the

i'm going to select create key from the drop down menu and here i'm going to be

drop down menu and here i'm going to be prompted with what type of key that i

prompted with what type of key that i want to create and you want to make sure

want to create and you want to make sure that json is selected and simply click

that json is selected and simply click on create and this is where your key

on create and this is where your key will be automatically downloaded to your

will be automatically downloaded to your downloads folder i'm going to click on

downloads folder i'm going to click on close and so once you have your key

close and so once you have your key downloaded you're able to start the

downloaded you're able to start the process of generating a signed url and

process of generating a signed url and so i'm going to go ahead and use cloud

so i'm going to go ahead and use cloud shell in order to generate this signed

shell in order to generate this signed url so i'm going to go ahead back up to

url so i'm going to go ahead back up to the top and open up cloud shell again

the top and open up cloud shell again and then you can open up the cloud shell

and then you can open up the cloud shell editor going to go up to the top menu in

editor going to go up to the top menu in editor and click on file and you're

editor and click on file and you're going to select upload files and here's

going to select upload files and here's where you upload your key from your

where you upload your key from your downloads folder and i can see my key

downloads folder and i can see my key has been uploaded right here and you can

has been uploaded right here and you can rename your key file to something a

rename your key file to something a little bit more human readable so i'm

little bit more human readable so i'm going to right click i'm going to click

going to right click i'm going to click on rename and you can rename this file

on rename and you can rename this file as privatekey.json hit ok and so once

as privatekey.json hit ok and so once you have your key uploaded and renamed

you have your key uploaded and renamed you can now go back into the terminal to

you can now go back into the terminal to generate a signed url i'm going to

generate a signed url i'm going to quickly clear the screen i'm going to

quickly clear the screen i'm going to make sure that the private key is in my

make sure that the private key is in my path by typing in ls and as you can see

path by typing in ls and as you can see here privatekey.json

here privatekey.json is indeed in my path and so before i

is indeed in my path and so before i generate this key i'm going to head back

generate this key i'm going to head back on over to cloud storage i'm going to

on over to cloud storage i'm going to drill down into my bucket and as you can

drill down into my bucket and as you can see here pink elephant dash bow tie does

see here pink elephant dash bow tie does not have a public url and so when the

not have a public url and so when the sign url is generated you will get a

sign url is generated you will get a public url that will not be shown here

public url that will not be shown here in the console and will be private to

in the console and will be private to only the user that generated it and the

only the user that generated it and the users that the url has been distributed

users that the url has been distributed to okay and once you have everything in

to okay and once you have everything in place you can then go ahead and paste in

place you can then go ahead and paste in the command gsutil sign url minus d the

the command gsutil sign url minus d the allotted time which is 10 minutes the

allotted time which is 10 minutes the private key which is private key dot

private key which is private key dot json along with gs colon forward slash

json along with gs colon forward slash forward slash your bucket name which in

forward slash your bucket name which in my case is bow tie ink dash 2021 along

my case is bow tie ink dash 2021 along with the file name of

with the file name of pinkelephant-bowtie.jpg i'm going to hit

pinkelephant-bowtie.jpg i'm going to hit enter and so i purposely left this error

enter and so i purposely left this error here so you can see that when you

here so you can see that when you generate a signed url you need pi open

generate a signed url you need pi open ssl in order to generate it and so the

ssl in order to generate it and so the caveat here is that because python 2 is

caveat here is that because python 2 is being deprecated the command pip install

being deprecated the command pip install pi openssl will not work pi open ssl

pi openssl will not work pi open ssl needs to be installed with python3 and

needs to be installed with python3 and so to install it you're going to run the

so to install it you're going to run the command pip3 install pi open ssl and hit

command pip3 install pi open ssl and hit enter and so once it's finished

enter and so once it's finished installing you can now generate your

installing you can now generate your signed url i'm going to quickly clear my

signed url i'm going to quickly clear my screen paste in the command again hit

screen paste in the command again hit enter and success you've now generated a

enter and success you've now generated a sign url for the object pink elephant

sign url for the object pink elephant bowtie.jpg and because this is a signed

bowtie.jpg and because this is a signed url you will see under public url there

url you will see under public url there is no url there available even though it

is no url there available even though it is publicly accessible and so just to

is publicly accessible and so just to verify this i'm going to highlight the

verify this i'm going to highlight the link here i'm going to copy it i'm going

link here i'm going to copy it i'm going to open up a new tab i'm going to paste

to open up a new tab i'm going to paste in this url hit enter and success this

in this url hit enter and success this sign url is working and anyone who has

sign url is working and anyone who has access to it has viewing permissions of

access to it has viewing permissions of the file for 10 minutes and so again

the file for 10 minutes and so again this is a great method for giving

this is a great method for giving someone access to an object who doesn't

someone access to an object who doesn't have an account and will give them a

have an account and will give them a limited time to view or edit this object

limited time to view or edit this object and so i wanted to congratulate you on

and so i wanted to congratulate you on making it through this demo and hope

making it through this demo and hope that it has been extremely useful in

that it has been extremely useful in excelling your knowledge on managing

excelling your knowledge on managing buckets files and access to the buckets

buckets files and access to the buckets and files in cloud storage and so just

and files in cloud storage and so just as a recap you created a cloud storage

as a recap you created a cloud storage bucket you then created an instance and

bucket you then created an instance and copied a file from that instance to the

copied a file from that instance to the bucket you then clone your repo to cloud

bucket you then clone your repo to cloud shell and copy two jpeg files to your

shell and copy two jpeg files to your cloud storage bucket you then assigned

cloud storage bucket you then assigned and then removed public access to your

and then removed public access to your bucket and then applied an acl to a file

bucket and then applied an acl to a file in the bucket making it public as well

in the bucket making it public as well as removing public access right after

as removing public access right after you then created a service account

you then created a service account private key and generated a signed url

private key and generated a signed url to an object in that bucket

to an object in that bucket congratulations again on a job well done

congratulations again on a job well done and so that's pretty much all i wanted

and so that's pretty much all i wanted to cover in this demo on managing cloud

to cover in this demo on managing cloud storage access so you can now mark this

storage access so you can now mark this as complete and let's move on to the

as complete and let's move on to the next one

next one [Music]

[Music] welcome back in this demo we're going to

welcome back in this demo we're going to be getting into the weeds with object

be getting into the weeds with object versioning and life cycle management

versioning and life cycle management using both the console and the command

using both the console and the command line we're going to go through how

line we're going to go through how versioning works and what happens when

versioning works and what happens when objects get promoted along with creation

objects get promoted along with creation configuration and editing these life

configuration and editing these life cycle policies and so with that being

cycle policies and so with that being said let's dive in so we're going to be

said let's dive in so we're going to be starting off from where we left off in

starting off from where we left off in the last demo with all the resources

the last demo with all the resources intact that we created before and we're

intact that we created before and we're going to go ahead and dive right into

going to go ahead and dive right into versioning and so the first thing that

versioning and so the first thing that you want to do is turn on versioning for

you want to do is turn on versioning for your current bucket so in my case for

your current bucket so in my case for bow tie ink dash 2021 and we're going to

bow tie ink dash 2021 and we're going to do this through the command line so i'm

do this through the command line so i'm going to first go up to the top right

going to first go up to the top right hand corner and open up cloud shell and

hand corner and open up cloud shell and so you first want to see if versioning

so you first want to see if versioning is turned on for your bucket and you can

is turned on for your bucket and you can do this by using the command gsutil

do this by using the command gsutil versioning get along with gs colon

versioning get along with gs colon forward slash forward slash with your

forward slash forward slash with your bucket name and hit enter and you may be

bucket name and hit enter and you may be prompted with a message asking you to

prompted with a message asking you to authorize this api call you definitely

authorize this api call you definitely want to authorize and as expected

want to authorize and as expected versioning is not turned on on this

versioning is not turned on on this bucket hence the return of suspended and

bucket hence the return of suspended and so in order to turn versioning on we're

so in order to turn versioning on we're going to use a similar command gsutil

going to use a similar command gsutil versioning and instead of get we're

versioning and instead of get we're going to use set on gs colon forward

going to use set on gs colon forward slash forward slash and the bucket name

slash forward slash and the bucket name and hit enter and versioning has been

and hit enter and versioning has been enabled and so if i run the command

enabled and so if i run the command gsutil version in get again i'll get a

gsutil version in get again i'll get a response of enabled okay great now that

response of enabled okay great now that we have versioning enabled we can go

we have versioning enabled we can go ahead with the next step which is to

ahead with the next step which is to delete one of the files in the bucket

delete one of the files in the bucket and so you can go ahead and select plaid

and so you can go ahead and select plaid bowtie.jpg

bowtie.jpg and simply click on delete you can

and simply click on delete you can confirm the deletion and the file has

confirm the deletion and the file has been deleted now technically the file

been deleted now technically the file has not been deleted it is merely been

has not been deleted it is merely been converted to a non-current version and

converted to a non-current version and so in order to check the current and

so in order to check the current and non-current versions i'm going to use

non-current versions i'm going to use the command

the command gsutil

gsutil ls minus a along with the bucket name of

ls minus a along with the bucket name of g s colon forward slash forward slash

g s colon forward slash forward slash bow tie inc dash 2021 i'm gonna hit

bow tie inc dash 2021 i'm gonna hit enter

enter and as you can see here plaid bow tie

and as you can see here plaid bow tie still shows up the ls minus a command is

still shows up the ls minus a command is a linux command to show all files

a linux command to show all files including the hidden files and so what's

including the hidden files and so what's different about these files is right

different about these files is right after the dot text or dot jpg you will

after the dot text or dot jpg you will see a hashtag number and this is the

see a hashtag number and this is the generation number and this determines

generation number and this determines the version of each object and so what i

the version of each object and so what i want to do now is bring back the

want to do now is bring back the non-current version and make it current

non-current version and make it current so i'm going to promote the non-current

so i'm going to promote the non-current version of plaid bowtie.jpg

version of plaid bowtie.jpg to the current version and so in order

to the current version and so in order to do this i'm going to run the command

to do this i'm going to run the command gsutil and v for move along with the

gsutil and v for move along with the bucket of gs colon forward slash forward

bucket of gs colon forward slash forward slash bowtie inc hyphen 2021 and the

slash bowtie inc hyphen 2021 and the name of the file of plaid bow tie dot

name of the file of plaid bow tie dot jpeg along with the generation number

jpeg along with the generation number and i'm going to copy it from the

and i'm going to copy it from the currently listed i'm going to paste it

currently listed i'm going to paste it in and so now we need to put in the

in and so now we need to put in the target which is going to be the same

target which is going to be the same without the generation number and paste

without the generation number and paste that in then hit enter

that in then hit enter okay operation completed and so if i go

okay operation completed and so if i go up to the top right hand corner and

up to the top right hand corner and click on refresh i can see that now

click on refresh i can see that now there is a current version for plaid bow

there is a current version for plaid bow tie now just know that using the move

tie now just know that using the move command actually deletes the non-current

command actually deletes the non-current version and gives the new current

version and gives the new current version a new generation number and so

version a new generation number and so in order to verify this i'm going to

in order to verify this i'm going to quickly clear my screen and i'm going to

quickly clear my screen and i'm going to run the command gsutil ls minus a along

run the command gsutil ls minus a along with the bucket name a bow tie inc dash

with the bucket name a bow tie inc dash 2021

2021 and the generation number here is

and the generation number here is different than that of the last now if i

different than that of the last now if i use the cp or copy command it would

use the cp or copy command it would leave the non-current version and create

leave the non-current version and create a new version on top of that leaving two

a new version on top of that leaving two objects with two different generation

objects with two different generation numbers okay so with that step being

numbers okay so with that step being done you now want to log into your linux

done you now want to log into your linux instance and we're going to be doing

instance and we're going to be doing some versioning for file of bowties.text

some versioning for file of bowties.text so i'm going to go ahead and clear my

so i'm going to go ahead and clear my screen again and i'm going to run the

screen again and i'm going to run the command gcloud compute ssh bowtie

command gcloud compute ssh bowtie instance which is the name of my

instance which is the name of my instance along with the zone flag dash

instance along with the zone flag dash dash zone of the zone us east 1b i'm

dash zone of the zone us east 1b i'm going to hit enter

going to hit enter and you should be prompted for the

and you should be prompted for the passphrase of your key

passphrase of your key and i'm in and so here you want to edit

and i'm in and so here you want to edit file a bowties.txt to a different

file a bowties.txt to a different version so you can go ahead and run the

version so you can go ahead and run the command sudo nano file a bow ties dot

command sudo nano file a bow ties dot text and hit enter and you should have

text and hit enter and you should have learning to tie a bow tie takes time and

learning to tie a bow tie takes time and what you want to do is append version 2

what you want to do is append version 2 right at the end ctrl o to save enter to

right at the end ctrl o to save enter to verify the file name to right and

verify the file name to right and control x to exit and so now we want to

control x to exit and so now we want to copy file a bow ties dot text to your

copy file a bow ties dot text to your current bucket mine being bow tie ink

current bucket mine being bow tie ink dash 2021 so i'm going to go ahead and

dash 2021 so i'm going to go ahead and run the command gsutil cp the name of

run the command gsutil cp the name of the file which is file of bowties dot

the file which is file of bowties dot text and the target which is going to be

text and the target which is going to be bowtie inc

bowtie inc 2021 and hit enter

2021 and hit enter and it's copied the file to the bucket

and it's copied the file to the bucket and so if i hit refresh in the console

and so if i hit refresh in the console you can see that there is only one

you can see that there is only one version of file of bowties.text and so

version of file of bowties.text and so to check on all the versions that i have

to check on all the versions that i have i'm going to go back to my cloud shell

i'm going to go back to my cloud shell i'm going to quickly clear my screen and

i'm going to quickly clear my screen and i'm going to run the command gsutil ls

i'm going to run the command gsutil ls minus a along with the target bucket

minus a along with the target bucket hit enter and as you can see here there

hit enter and as you can see here there are now two versions of file of

are now two versions of file of bowties.text and if i quickly open this

bowties.text and if i quickly open this up

up i'm gonna click on the url you can see

i'm gonna click on the url you can see here that this is version two and so

here that this is version two and so this should be the latest generation of

this should be the latest generation of file of bowties.txt that you edited over

file of bowties.txt that you edited over in your instance i'm going to close this

in your instance i'm going to close this tab now and so what i want to do now is

tab now and so what i want to do now is i want to promote the non-current

i want to promote the non-current version to be the current version in

version to be the current version in essence making version 2 the non-current

essence making version 2 the non-current version and so i'm going to run the

version and so i'm going to run the command gsutil cp and i'm going to take

command gsutil cp and i'm going to take the older generation number and i'm

the older generation number and i'm going to copy it and paste it here and

going to copy it and paste it here and the target is going to be the same

the target is going to be the same without the generation number and paste

without the generation number and paste it and hit enter okay and the file has

it and hit enter okay and the file has been copied over so i'm going to do a

been copied over so i'm going to do a quick refresh in the console i'm going

quick refresh in the console i'm going to drill down into file a bowties.txt

to drill down into file a bowties.txt and when i click on the url link it

and when i click on the url link it should come up as version 1. and so this

should come up as version 1. and so this is a way to promote non-current versions

is a way to promote non-current versions to current versions using the gsutil

to current versions using the gsutil copy command or the gsutil move command

copy command or the gsutil move command i'm going to close on this tab now i'm

i'm going to close on this tab now i'm going to quickly clear my screen and if

going to quickly clear my screen and if i run the command gsutil ls minus a

i run the command gsutil ls minus a again you can see that i have even more

again you can see that i have even more files and so these files and versions of

files and so these files and versions of files will eventually accumulate and

files will eventually accumulate and continuously take up space along with

continuously take up space along with costing you money and so in order to

costing you money and so in order to mitigate this a good idea would be to

mitigate this a good idea would be to put life cycle policies into place and

put life cycle policies into place and so you're gonna go ahead now and add a

so you're gonna go ahead now and add a life cycle policy to the bucket and this

life cycle policy to the bucket and this will help manage the ever-growing

will help manage the ever-growing accumulation of files as more files are

accumulation of files as more files are being added to the bucket and more

being added to the bucket and more versions are being produced something

versions are being produced something that is very common that is seen in many

that is very common that is seen in many different environments and so we're

different environments and so we're going to go ahead and get this done in

going to go ahead and get this done in the console so i'm going to close down

the console so i'm going to close down cloud shell and i'm going to go back to

cloud shell and i'm going to go back to the main page of the bucket and under

the main page of the bucket and under the menu you can click on lifecycle and

the menu you can click on lifecycle and here you'll be able to add the lifecycle

here you'll be able to add the lifecycle rules and so here you're going to click

rules and so here you're going to click on add a rule and the first thing that

on add a rule and the first thing that you're prompted to do is to select an

you're prompted to do is to select an action and so the first rule you're

action and so the first rule you're going to apply is to delete non-current

going to apply is to delete non-current objects after seven days so you're gonna

objects after seven days so you're gonna click on delete object you're gonna be

click on delete object you're gonna be prompted with a warning gonna hit

prompted with a warning gonna hit continue and you'll be prompted to

continue and you'll be prompted to select object conditions and as

select object conditions and as discussed in an earlier lesson there are

discussed in an earlier lesson there are many conditions to choose from and

many conditions to choose from and multiple conditions can be selected so

multiple conditions can be selected so here you're going to select days since

here you're going to select days since becoming non-current and in the empty

becoming non-current and in the empty field you're going to type in 7. you can

field you're going to type in 7. you can click on continue and before you click

click on continue and before you click on create i wanted just to note that any

on create i wanted just to note that any life cycle rule can take up to 24 hours

life cycle rule can take up to 24 hours to take effect so i'm going to click on

to take effect so i'm going to click on create and here you can see the rule has

create and here you can see the rule has been applied to delete objects after

been applied to delete objects after seven days when object becomes

seven days when object becomes non-current and so now that we added a

non-current and so now that we added a delete rule we're going to go ahead and

delete rule we're going to go ahead and add another rule to move current files

add another rule to move current files that are not being used to a storage

that are not being used to a storage class that can save the company money

class that can save the company money and so let's go ahead and create another

and so let's go ahead and create another lifecycle rule but this time to use this

lifecycle rule but this time to use this set storage class action and so the

set storage class action and so the files that accumulate that have been

files that accumulate that have been there for over 90 days you want to set

there for over 90 days you want to set the storage class the cold line so this

the storage class the cold line so this way it'll save you some money and so

way it'll save you some money and so you're going to click on add a rule

you're going to click on add a rule you're going to select set storage class

you're going to select set storage class to cold line and as a note here it says

to cold line and as a note here it says archive objects will not be changed to

archive objects will not be changed to cold line so you can move forward with

cold line so you can move forward with the storage class but you can't move

the storage class but you can't move backwards in other words i can't move

backwards in other words i can't move from cold line to near line or archive

from cold line to near line or archive the cold line i can only move from near

the cold line i can only move from near line to cold line or cold line to

line to cold line or cold line to archive so i'm going to go ahead and

archive so i'm going to go ahead and click continue for the object conditions

click continue for the object conditions you want to select age and in the field

you want to select age and in the field you want to enter 90 days and here you

you want to enter 90 days and here you want to hit continue and finally click

want to hit continue and finally click on create and so in order to actually

on create and so in order to actually see these rules take effect like i said

see these rules take effect like i said before it'll take up to 24 hours and so

before it'll take up to 24 hours and so before we end this demo i wanted to show

before we end this demo i wanted to show you another way to edit a life cycle

you another way to edit a life cycle policy by editing the json file itself

policy by editing the json file itself so you can head on up to the top right

so you can head on up to the top right and open up cloud shell i'm going to

and open up cloud shell i'm going to bring this down a little bit and you're

bring this down a little bit and you're going to run the command gsutil

going to run the command gsutil lifecycle get along with the bucket name

lifecycle get along with the bucket name and output it to a file called

and output it to a file called lifecycle.json and hit enter

lifecycle.json and hit enter and no errors so that's a good sign next

and no errors so that's a good sign next i'm going to run the command ls and as

i'm going to run the command ls and as you can see here the lifecycle.json file

you can see here the lifecycle.json file has been written and so i'd like to edit

has been written and so i'd like to edit this file where it changes the set to

this file where it changes the set to cold line rule from 90 days to 120 days

cold line rule from 90 days to 120 days as tony bowtie's manager thinks that

as tony bowtie's manager thinks that they should keep the files a little bit

they should keep the files a little bit longer before sending it to coldline and

longer before sending it to coldline and so in order to edit this file you're

so in order to edit this file you're going to run the command sudo nano

going to run the command sudo nano along with the name of the file of

along with the name of the file of lifecycle.js you hit enter and it's

lifecycle.js you hit enter and it's going to be a long string but if you use

going to be a long string but if you use your arrow keys and move down and then

your arrow keys and move down and then back you'll see the set to cold line

back you'll see the set to cold line rule with the age of 90 days so i'm

rule with the age of 90 days so i'm going to move over here and i'm going to

going to move over here and i'm going to edit this to 120 and i'm going to hit

edit this to 120 and i'm going to hit ctrl o to save enter to verify file name

ctrl o to save enter to verify file name to write and ctrl x to exit and just

to write and ctrl x to exit and just know that you can also edit this file in

know that you can also edit this file in cloud shell editor and so in order for

cloud shell editor and so in order for me to put this lifecycle policy in place

me to put this lifecycle policy in place i need to set this as the new lifecycle

i need to set this as the new lifecycle policy and so in order for me to do that

policy and so in order for me to do that i'm going to run the command gsutil

i'm going to run the command gsutil lifecycle set along with the name of the

lifecycle set along with the name of the json file which is

json file which is lifecycle.json along with the bucket

lifecycle.json along with the bucket name and hit enter and it looks like it

name and hit enter and it looks like it said it and i'm going to do quick

said it and i'm going to do quick refresh in the console just to verify

refresh in the console just to verify and success the rule has been changed

and success the rule has been changed from 90 days to 120 days congratulations

from 90 days to 120 days congratulations on completing this demo now a lot of

on completing this demo now a lot of what you've experienced here is more of

what you've experienced here is more of what you will see in the architect exam

what you will see in the architect exam as the cloud engineer exam focuses on

as the cloud engineer exam focuses on more of the high level theory of these

more of the high level theory of these cloud storage features

cloud storage features but i wanted to show you some real life

but i wanted to show you some real life scenarios and how to apply the theory

scenarios and how to apply the theory that was shown in previous lessons into

that was shown in previous lessons into practice and so just as a recap you set

practice and so just as a recap you set versioning on the current bucket that

versioning on the current bucket that you are working in and you deleted a

you are working in and you deleted a file and made it non-current you then

file and made it non-current you then brought it back to be current again you

brought it back to be current again you then edited a file on your instance and

then edited a file on your instance and copied it over to replace the current

copied it over to replace the current version of that file in your bucket you

version of that file in your bucket you then promoted the non-current version as

then promoted the non-current version as the new one and moved into lifecycle

the new one and moved into lifecycle rules where you created two separate

rules where you created two separate rules you created a rule to delete files

rules you created a rule to delete files along with the rule to set storage class

along with the rule to set storage class after a certain age of the file and the

after a certain age of the file and the last step you took was to copy the

last step you took was to copy the lifecycle policy to your cloud shell and

lifecycle policy to your cloud shell and edited that policy and set it to a newer

edited that policy and set it to a newer edited version and so that pretty much

edited version and so that pretty much covers this demo on object versioning

covers this demo on object versioning and lifecycle management congratulations

and lifecycle management congratulations again on a job well done and so before

again on a job well done and so before you go

you go make sure you delete all the resources

make sure you delete all the resources you've created for the past couple of

you've created for the past couple of demos as you want to make sure that

demos as you want to make sure that you're not accumulating any unnecessary

you're not accumulating any unnecessary costs and so i'm going to do a quick run

costs and so i'm going to do a quick run through on deleting these resources and

through on deleting these resources and so i'm going to quickly close down cloud

so i'm going to quickly close down cloud shell and i'm going to head on over to

shell and i'm going to head on over to the navigation menu go to compute engine

the navigation menu go to compute engine i'm going to delete my instance and i'm

i'm going to delete my instance and i'm going to head back on over to cloud

going to head back on over to cloud storage and delete the bucket there i'm

storage and delete the bucket there i'm going to confirm the deletion i'm going

going to confirm the deletion i'm going to click on delete and so that covers

to click on delete and so that covers the deletion of all the resources so you

the deletion of all the resources so you can now mark this as complete and i'll

can now mark this as complete and i'll see you in the next one

welcome back and in this lesson i'm going to be covering cloud sql one of

going to be covering cloud sql one of google cloud's many database offerings

google cloud's many database offerings that offers reliable secure and scalable

that offers reliable secure and scalable sql databases without having to worry

sql databases without having to worry about the complexity to set it all up

about the complexity to set it all up now there's quite a bit to cover here so

now there's quite a bit to cover here so with that being said let's dive in now

with that being said let's dive in now cloud sql is a fully managed cloud

cloud sql is a fully managed cloud native relational database service that

native relational database service that offers mysql postgres and sql server

offers mysql postgres and sql server engines with built-in support for

engines with built-in support for replication cloud sql is a database as a

replication cloud sql is a database as a service offering from google where

service offering from google where google takes care of all the underlying

google takes care of all the underlying infrastructure for the database along

infrastructure for the database along with the operating system and the

with the operating system and the database software now because there are

database software now because there are a few different types of database

a few different types of database offerings from google cloud sql was

offerings from google cloud sql was designed for low latency transactional

designed for low latency transactional and relational database workloads it's

and relational database workloads it's also available in three different

also available in three different flavors of databases mysql postgres and

flavors of databases mysql postgres and the newest edition is sql server and all

the newest edition is sql server and all of them support standard apis for

of them support standard apis for connectivity cloud sql offers

connectivity cloud sql offers replication using different types of

replication using different types of read replicas which i will get into a

read replicas which i will get into a little bit later and offers capabilities

little bit later and offers capabilities for high availability for continuous

for high availability for continuous access to your data cloud sql also

access to your data cloud sql also offers backups in two different flavors

offers backups in two different flavors and allows you to restore your database

and allows you to restore your database from these backups with the same amount

from these backups with the same amount of ease now along with your backups

of ease now along with your backups comes point in time recovery for when

comes point in time recovery for when you want to restore a database from a

you want to restore a database from a specific point in time cloud sql storage

specific point in time cloud sql storage relies on connected persistent disks in

relies on connected persistent disks in the same zone that are available in

the same zone that are available in regular hard disk drives or ssds that

regular hard disk drives or ssds that currently give you up to 30 terabytes of

currently give you up to 30 terabytes of storage capacity and because the same

storage capacity and because the same technologies lie in the background for

technologies lie in the background for persistent disks

persistent disks automatic storage increase is available

automatic storage increase is available to resize your disks for more storage

to resize your disks for more storage cloud sql also offers encryption at rest

cloud sql also offers encryption at rest and in transit for securing data

and in transit for securing data entering and leaving your instance and

entering and leaving your instance and when it comes to costs you are billed

when it comes to costs you are billed for cpu memory and storage of the

for cpu memory and storage of the instance along with egress traffic as

instance along with egress traffic as well please be aware that there is a

well please be aware that there is a licensing cost when it comes to windows

licensing cost when it comes to windows instances now cloud sql instances are

instances now cloud sql instances are not available in the same instance types

not available in the same instance types as compute engine and are only available

as compute engine and are only available in the shared core

in the shared core standard and high memory cpu types and

standard and high memory cpu types and when you see them they will be clearly

when you see them they will be clearly marked with a db on the beginning of the

marked with a db on the beginning of the cpu type you cannot customize these

cpu type you cannot customize these instances like you can with compute

instances like you can with compute engine and so memory will be pre-defined

engine and so memory will be pre-defined when choosing the instance type now

when choosing the instance type now storage types for cloud sql are only

storage types for cloud sql are only available in hard disk drives and ssds

available in hard disk drives and ssds you are able to size them according to

you are able to size them according to your needs and as stated earlier can be

your needs and as stated earlier can be sized up to 30 terabytes in size and

sized up to 30 terabytes in size and when entering the danger zone of having

when entering the danger zone of having a full disk you do have the option of

a full disk you do have the option of enabling automatic storage increase so

enabling automatic storage increase so you never have to worry about filling up

you never have to worry about filling up your disk before that 30 terabyte limit

your disk before that 30 terabyte limit now when it comes to connecting to your

now when it comes to connecting to your cloud sql instance you can configure it

cloud sql instance you can configure it with a public or private ip but know

with a public or private ip but know that after configuring the instance with

that after configuring the instance with a private ip it cannot be changed

a private ip it cannot be changed although connecting with the private ip

although connecting with the private ip is preferred when connecting from a

is preferred when connecting from a client on a resource with access to a

client on a resource with access to a vpc as well it is always best practice

vpc as well it is always best practice to use private i p addresses for any

to use private i p addresses for any database in your environment whenever

database in your environment whenever you can now moving on to authentication

you can now moving on to authentication options the recommended method to

options the recommended method to connecting to your cloud sql instance is

connecting to your cloud sql instance is using cloud sql proxy the cloud sql

using cloud sql proxy the cloud sql proxy allows you to authorize and secure

proxy allows you to authorize and secure your connections using iam permissions

your connections using iam permissions unless using the cloud sql proxy

unless using the cloud sql proxy connections to an instance's public ip

connections to an instance's public ip address are only allowed if the

address are only allowed if the connection comes from an authorized

connection comes from an authorized network authorized networks are ip

network authorized networks are ip addresses or ranges that the user has

addresses or ranges that the user has specified as having permission to

specified as having permission to connect once you are authorized you can

connect once you are authorized you can connect to your instance through

connect to your instance through external clients or applications and

external clients or applications and even other google cloud services like

even other google cloud services like compute engine gke app engine cloud

compute engine gke app engine cloud functions and cloud run now i wanted to

functions and cloud run now i wanted to focus a moment here on the recommended

focus a moment here on the recommended method for connecting to your instance

method for connecting to your instance which is cloud sql proxy now as

which is cloud sql proxy now as mentioned before the cloud sql proxy

mentioned before the cloud sql proxy allows you to authorize and secure your

allows you to authorize and secure your connections using iam permissions the

connections using iam permissions the proxy validates connections using

proxy validates connections using credentials for a user or service

credentials for a user or service account and wrapping the connection in

account and wrapping the connection in an ssl tls layer that is authorized for

an ssl tls layer that is authorized for a cloud sql instance using the cloud sql

a cloud sql instance using the cloud sql proxy is the recommended method for

proxy is the recommended method for authenticating connections to a cloud

authenticating connections to a cloud sql instance as it is the most secure

sql instance as it is the most secure the client proxy is an open source

the client proxy is an open source library distributed as an executable

library distributed as an executable binary and is available for linux macos

binary and is available for linux macos and windows the client proxy acts as an

and windows the client proxy acts as an intermediary server that listens for

intermediary server that listens for incoming connections wraps them in ssl

incoming connections wraps them in ssl or tls and then passes them to a cloud

or tls and then passes them to a cloud sql instance the cloud sql proxy handles

sql instance the cloud sql proxy handles authentication with cloud sql providing

authentication with cloud sql providing secure access to cloud sql instances

secure access to cloud sql instances without the need to manage allowed ip

without the need to manage allowed ip addresses or configure ssl connections

addresses or configure ssl connections as well this is also the best solution

as well this is also the best solution for applications that hold ephemeral

for applications that hold ephemeral eyepiece and while the proxy can listen

eyepiece and while the proxy can listen on any port

on any port it only creates outgoing connections to

it only creates outgoing connections to your cloud sql instance on port 3307 now

your cloud sql instance on port 3307 now when it comes to database replication

when it comes to database replication it's more than just copying your data

it's more than just copying your data from one database to another the primary

from one database to another the primary reason for using replication is to scale

reason for using replication is to scale the use of data in a database without

the use of data in a database without degrading performance other reasons

degrading performance other reasons include migrating data between regions

include migrating data between regions and platforms and from an on-premises

and platforms and from an on-premises database to cloud sql you could also

database to cloud sql you could also promote a replica if the original

promote a replica if the original instance becomes corrupted and i'll be

instance becomes corrupted and i'll be getting into promoting replicas a little

getting into promoting replicas a little bit later now when it comes to a cloud

bit later now when it comes to a cloud sql instance the instance that is

sql instance the instance that is replicated is called a primary instance

replicated is called a primary instance and the copies are called read replicas

and the copies are called read replicas the primary instance and read replicas

the primary instance and read replicas all reside in cloud sql read replicas

all reside in cloud sql read replicas are read-only and you cannot write to

are read-only and you cannot write to them the read replica processes queries

them the read replica processes queries read requests and analytics traffics

read requests and analytics traffics thus reducing the load on the primary

thus reducing the load on the primary instance read replicas can have more

instance read replicas can have more cpus in memory than the primary instance

cpus in memory than the primary instance but they cannot have any less and you

but they cannot have any less and you can have up to 10 read replicas per

can have up to 10 read replicas per primary instance and you can connect to

primary instance and you can connect to a replica directly using its connection

a replica directly using its connection name and ip address cloud sql supports

name and ip address cloud sql supports the following types of replicas

the following types of replicas read replicas cross region read replicas

read replicas cross region read replicas external read replicas and cloud sql

external read replicas and cloud sql replicas when replicating from an

replicas when replicating from an external server now when it comes to

external server now when it comes to read replicas you would use it to

read replicas you would use it to offload work from a cloud sql instance

offload work from a cloud sql instance the read replica is an exact copy of the

the read replica is an exact copy of the primary instance and data and other

primary instance and data and other changes on the primary instance are

changes on the primary instance are updated in almost real time on the read

updated in almost real time on the read replica a read replica is created in a

replica a read replica is created in a different region from the primary

different region from the primary instance and you can create a cross

instance and you can create a cross region read replica the same way as you

region read replica the same way as you would create an in-region replica this

would create an in-region replica this improves read performance by making

improves read performance by making replicas available closer to your

replicas available closer to your application's region it also provides

application's region it also provides additional disaster recovery capability

additional disaster recovery capability to guard you against a regional failure

to guard you against a regional failure it also lets you migrate data from one

it also lets you migrate data from one region to another with minimum downtime

region to another with minimum downtime and lastly when it comes to external

and lastly when it comes to external read replicas these are external mysql

read replicas these are external mysql instances that replicate from a cloud

instances that replicate from a cloud sql primary instance

sql primary instance for example a mysql instance running on

for example a mysql instance running on compute engine is considered an external

compute engine is considered an external instance and so just as a quick note

instance and so just as a quick note here before you can create a read

here before you can create a read replica of a primary cloud sql instance

replica of a primary cloud sql instance the instance must meet the following

the instance must meet the following requirements automated backups must be

requirements automated backups must be enabled binary logging must be enabled

enabled binary logging must be enabled which requires point-in-time recovery to

which requires point-in-time recovery to be enabled and at least one backup must

be enabled and at least one backup must have been created after binary logging

have been created after binary logging was enabled and so when you have read

was enabled and so when you have read replicas in your environment it gives

replicas in your environment it gives you the flexibility of promoting those

you the flexibility of promoting those replicas if needed now promoting

replicas if needed now promoting replicas is a feature that can be used

replicas is a feature that can be used for when your primary database becomes

for when your primary database becomes corrupted or unreachable now you can

corrupted or unreachable now you can promote an in-region read replica or

promote an in-region read replica or cross-region re-replica depending on

cross-region re-replica depending on where you have your read replicas hosted

where you have your read replicas hosted so when you promote a read replica the

so when you promote a read replica the instance stops replication and converts

instance stops replication and converts the instance to a standalone cloud sql

the instance to a standalone cloud sql primary instance with read and write

primary instance with read and write capabilities please note that this

capabilities please note that this cannot be undone and also note that when

cannot be undone and also note that when your new primary instance has started

your new primary instance has started your other read replicas are not

your other read replicas are not transferred over from the old primary

transferred over from the old primary instance you will need to reconnect your

instance you will need to reconnect your other read replicas to your new primary

other read replicas to your new primary instance and as you can see here

instance and as you can see here promoting a replica is done manually and

promoting a replica is done manually and intentionally whereas high availability

intentionally whereas high availability has a standby instance that

has a standby instance that automatically becomes the primary in

automatically becomes the primary in case of a failure horizontal outage now

case of a failure horizontal outage now when it comes to promoting cross-region

when it comes to promoting cross-region replicas there are two common scenarios

replicas there are two common scenarios for promotion

for promotion regional migration which performs a

regional migration which performs a planned migration of a database to a

planned migration of a database to a different region and disaster recovery

different region and disaster recovery and this is where you would fail over a

and this is where you would fail over a database to another region in the event

database to another region in the event that the primary instances region

that the primary instances region becomes unavailable both use cases

becomes unavailable both use cases involve setting up cross-region

involve setting up cross-region replication and then promoting the

replication and then promoting the replica the main difference between them

replica the main difference between them is whether the promotion of the replica

is whether the promotion of the replica is planned or unplanned now if you're

is planned or unplanned now if you're promoting your replicas for a regional

promoting your replicas for a regional migration you can use a cross region

migration you can use a cross region replica to migrate your database to

replica to migrate your database to another region with minimal downtime and

another region with minimal downtime and this is so you can create a replica in

this is so you can create a replica in another region wait until the

another region wait until the replication catches up promote it and

replication catches up promote it and then direct your applications to the

then direct your applications to the newly promoted instance the steps

newly promoted instance the steps involved in promotion are the same as

involved in promotion are the same as for promoting an in-region replica and

for promoting an in-region replica and so when you're promoting replicas for

so when you're promoting replicas for disaster recovery cross-region replicas

disaster recovery cross-region replicas can be used as part of this disaster

can be used as part of this disaster recovery procedure you can promote a

recovery procedure you can promote a cross-region replica to fail over to

cross-region replica to fail over to another region should the primary

another region should the primary instances region become unavailable for

instances region become unavailable for an extended period of time so in this

an extended period of time so in this example the entire u.s east 1 region has

example the entire u.s east 1 region has gone down yet the reed replica in the

gone down yet the reed replica in the europe region is still up and running

europe region is still up and running and although there may be a little bit

and although there may be a little bit more latency for your customers in north

more latency for your customers in north america i'm able to promote this read

america i'm able to promote this read replica connect it to the needed

replica connect it to the needed resources and get back to business now

resources and get back to business now moving along to high availability cloud

moving along to high availability cloud sql offers aha capabilities out of the

sql offers aha capabilities out of the box the aha configuration sometimes

box the aha configuration sometimes called a cluster provides data

called a cluster provides data redundancy so a cloud sql instance

redundancy so a cloud sql instance configured for ha is also called a

configured for ha is also called a regional instance and is located in a

regional instance and is located in a primary and secondary zone within the

primary and secondary zone within the configured region within a regional

configured region within a regional instance the configuration is made up of

instance the configuration is made up of a primary instance and a standby

a primary instance and a standby instance and through synchronous

instance and through synchronous replication to each zone's persistent

replication to each zone's persistent disk all rights made to the primary

disk all rights made to the primary instance are also made to the standby

instance are also made to the standby instance each second the primary

instance each second the primary instance writes to a system database as

instance writes to a system database as a heartbeat signal if multiple

a heartbeat signal if multiple heartbeats aren't detected

heartbeats aren't detected failover is initiated and so if an

failover is initiated and so if an ha-configured instance becomes

ha-configured instance becomes unresponsive cloud sql automatically

unresponsive cloud sql automatically switches to serving data from the

switches to serving data from the standby instance and this is called a

standby instance and this is called a failover in this example the primary

failover in this example the primary instance or zone fails and failover is

instance or zone fails and failover is initiated so if the primary instance is

initiated so if the primary instance is unresponsive for approximately 60

unresponsive for approximately 60 seconds or the zone containing the

seconds or the zone containing the primary instance experiences an outage

primary instance experiences an outage failover will initiate the standby

failover will initiate the standby instance immediately starts serving data

instance immediately starts serving data upon reconnection through a shared

upon reconnection through a shared static ip address with the primary

static ip address with the primary instance and the standby instance now

instance and the standby instance now serves data from the secondary zone and

serves data from the secondary zone and now when the primary instance is

now when the primary instance is available again a fail back will happen

available again a fail back will happen and this is when traffic will be

and this is when traffic will be redirected back to the primary instance

redirected back to the primary instance and the standby instance will go back

and the standby instance will go back into standby mode as well the regional

into standby mode as well the regional persistent disk will pick up replication

persistent disk will pick up replication to the persistent disk in that same zone

to the persistent disk in that same zone and with regards to billing an ha

and with regards to billing an ha configured instance is charged at double

configured instance is charged at double the price of a standalone instance

the price of a standalone instance and this includes cpu ram and storage

and this includes cpu ram and storage also note that the standby instance

also note that the standby instance cannot be used for read queries and this

cannot be used for read queries and this is where it differs from read replicas

is where it differs from read replicas as well a very important note here is

as well a very important note here is that automatic backups and point in time

that automatic backups and point in time recovery must be enabled for high

recovery must be enabled for high availability and so the last topic that

availability and so the last topic that i wanted to touch on is backups

i wanted to touch on is backups and backups help you restore lost data

and backups help you restore lost data to your cloud sql instance you can also

to your cloud sql instance you can also restore an instance that is having

restore an instance that is having problems from a backup you enable

problems from a backup you enable backups for any instance that contains

backups for any instance that contains necessary data backups protect your data

necessary data backups protect your data from loss or damage enabling automated

from loss or damage enabling automated backups along with binary logging is

backups along with binary logging is also required for some operations such

also required for some operations such as clone and replica creation by default

as clone and replica creation by default cloud sql stores backup data in two

cloud sql stores backup data in two regions for redundancy one region can be

regions for redundancy one region can be the same region that the instance is in

the same region that the instance is in and the other is a different region if

and the other is a different region if there are two regions in a continent the

there are two regions in a continent the backup data remains on the same

backup data remains on the same continent cloud sql also lets you select

continent cloud sql also lets you select a custom location for your backup data

a custom location for your backup data and this is great if you need to comply

and this is great if you need to comply with data residency regulations for your

with data residency regulations for your business now cloud sql performs two

business now cloud sql performs two types of backups on-demand backups and

types of backups on-demand backups and automated backups now with on-demand

automated backups now with on-demand backups you can create a backup at any

backups you can create a backup at any time and this is useful for when you're

time and this is useful for when you're making risky changes that may go

making risky changes that may go sideways you can always create on-demand

sideways you can always create on-demand backups for any instance whether the

backups for any instance whether the instance has automatic backups enabled

instance has automatic backups enabled or not and these backups persist until

or not and these backups persist until you delete them or until their instance

you delete them or until their instance is deleted now when it comes to

is deleted now when it comes to automated backups these use a four hour

automated backups these use a four hour backup window these backups start during

backup window these backups start during the backup window and just as a note

the backup window and just as a note when possible you should schedule your

when possible you should schedule your backups when your instance has the least

backups when your instance has the least activity automated backups occur every

activity automated backups occur every day when your instance is running at any

day when your instance is running at any time in the 36 hour window and by

time in the 36 hour window and by default up to seven most recent backups

default up to seven most recent backups are retained you can also configure how

are retained you can also configure how many automated backups to retain from 1

many automated backups to retain from 1 to

to 365. now i've touched on this topic many

365. now i've touched on this topic many times in this lesson and i wanted to

times in this lesson and i wanted to highlight it for just a second and this

highlight it for just a second and this is point-in-time recovery so

is point-in-time recovery so point-in-time recovery helps you recover

point-in-time recovery helps you recover an instance to a specific point in time

an instance to a specific point in time for example if an error causes a loss of

for example if an error causes a loss of data you can recover a database to its

data you can recover a database to its state before the error happened a point

state before the error happened a point in time recovery always creates a new

in time recovery always creates a new instance and you cannot perform a point

instance and you cannot perform a point in time recovery to an existing instance

in time recovery to an existing instance and point in time recovery is enabled by

and point in time recovery is enabled by default when you create a new cloud sql

default when you create a new cloud sql instance and so when it comes to billing

instance and so when it comes to billing by default cloud sql retains seven days

by default cloud sql retains seven days of automated backups plus all on-demand

of automated backups plus all on-demand backups for an instance and so i know

backups for an instance and so i know there is a lot to retain in this lesson

there is a lot to retain in this lesson on cloud sql but be sure that these

on cloud sql but be sure that these concepts and knowing the difference

concepts and knowing the difference between them as well as when to use each

between them as well as when to use each feature will be a sure help in the exam

feature will be a sure help in the exam along with giving you the knowledge you

along with giving you the knowledge you need to use cloud sql in your role as a

need to use cloud sql in your role as a cloud engineer and so that's pretty much

cloud engineer and so that's pretty much all i had to cover when it comes to

all i had to cover when it comes to cloud sql so you can now mark this

cloud sql so you can now mark this lesson as complete and let's move on to

lesson as complete and let's move on to the next one

welcome back and in this lesson i wanted to touch on google cloud's global

to touch on google cloud's global relational database called cloud spanner

relational database called cloud spanner now cloud spanner is the same in some

now cloud spanner is the same in some ways as cloud sql when it comes to asset

ways as cloud sql when it comes to asset transactions sql querying and strong

transactions sql querying and strong consistency but differs in the way that

consistency but differs in the way that data is handled under the hood than

data is handled under the hood than cloud sql and so knowing this database

cloud sql and so knowing this database only at a high level is needed for the

only at a high level is needed for the exam but i'll be going into a bit more

exam but i'll be going into a bit more detail just to give you a better

detail just to give you a better understanding on how it works so with

understanding on how it works so with that being said let's dive in now cloud

that being said let's dive in now cloud spanner is a fully managed relational

spanner is a fully managed relational database service that is both strongly

database service that is both strongly consistent and horizontally scalable

consistent and horizontally scalable cloud spanner is another database as a

cloud spanner is another database as a service offering from google and so it

service offering from google and so it strips away all the headaches of setting

strips away all the headaches of setting up and maintaining the infrastructure

up and maintaining the infrastructure and software needed to run your database

and software needed to run your database in the cloud now being strongly

in the cloud now being strongly consistent in this context is when data

consistent in this context is when data will get passed on to all the replicas

will get passed on to all the replicas as soon as a write request comes to one

as soon as a write request comes to one of the replicas of the database cloud

of the replicas of the database cloud spanner uses truetime a highly available

spanner uses truetime a highly available distributed atomic clock system that is

distributed atomic clock system that is provided to applications on all google

provided to applications on all google servers it applies a time stamp to every

servers it applies a time stamp to every transaction on commit and so

transaction on commit and so transactions in other regions are always

transactions in other regions are always executed sequentially cloud spanner can

executed sequentially cloud spanner can distribute and manage data at a global

distribute and manage data at a global scale and support globally consistent

scale and support globally consistent reads along with strongly consistent

reads along with strongly consistent distributed transactions now being fully

distributed transactions now being fully managed cloud spanner handles any

managed cloud spanner handles any replicas that are needed for

replicas that are needed for availability of your data and optimizes

availability of your data and optimizes performance by automatically sharding

performance by automatically sharding the data based on request load and size

the data based on request load and size of the data part of why cloud spanner's

of the data part of why cloud spanner's high availability is due to its

high availability is due to its automatic synchronous data replication

automatic synchronous data replication between all replicas in independent

between all replicas in independent zones cloud spanner scales horizontally

zones cloud spanner scales horizontally automatically within regions but it can

automatically within regions but it can also scale across regions for workloads

also scale across regions for workloads that have higher availability

that have higher availability requirements making data available

requirements making data available faster to users at a global scale along

faster to users at a global scale along with node redundancy quietly added for

with node redundancy quietly added for every node deployed in the instance and

every node deployed in the instance and when you quickly add up all these

when you quickly add up all these features of cloud spanner it's no wonder

features of cloud spanner it's no wonder that it's available to achieve five

that it's available to achieve five nines availability on a multi-regional

nines availability on a multi-regional instance and four nines availability on

instance and four nines availability on a regional instance cloud spanner is

a regional instance cloud spanner is highly secure and offers data layer

highly secure and offers data layer encryption audit logging and iam

encryption audit logging and iam integration cloud spanner was designed

integration cloud spanner was designed to fit the needs of specific industries

to fit the needs of specific industries such as financial services

such as financial services ad tech retail and global supply chain

ad tech retail and global supply chain along with gaming and pricing for cloud

along with gaming and pricing for cloud spanner comes in at 90 cents per node

spanner comes in at 90 cents per node per hour with the cost of storage coming

per hour with the cost of storage coming in at 30 cents per gigabyte per month

in at 30 cents per gigabyte per month definitely not cheap but the features

definitely not cheap but the features are plentiful now this isn't in the exam

are plentiful now this isn't in the exam but i did want to take a moment to dive

but i did want to take a moment to dive into the architecture for a bit more

into the architecture for a bit more context as to why this database is of a

context as to why this database is of a different breed than the typical sql

different breed than the typical sql database now to use cloud spanner you

database now to use cloud spanner you must first create a cloud spanner

must first create a cloud spanner instance this instance is an allocation

instance this instance is an allocation of resources that is used by cloud

of resources that is used by cloud spanner databases created in that

spanner databases created in that instance instance creation includes two

instance instance creation includes two important choices the instance

important choices the instance configuration and the node count and

configuration and the node count and these choices determine the location and

these choices determine the location and the amount of the instances cpu and

the amount of the instances cpu and memory along with its storage resources

memory along with its storage resources your configuration choice is permanent

your configuration choice is permanent for an instance and only the node count

for an instance and only the node count can be changed later if needed an

can be changed later if needed an instance configuration defines the

instance configuration defines the geographic placement and replication of

geographic placement and replication of the database in that instance either

the database in that instance either regional or multi-region and please note

regional or multi-region and please note that when you choose a multi-zone

that when you choose a multi-zone configuration it allows you to replicate

configuration it allows you to replicate the databases data not just in multiple

the databases data not just in multiple zones but in multiple zones across

zones but in multiple zones across multiple regions and when it comes to

multiple regions and when it comes to the node count this determines the

the node count this determines the number of nodes to allocate to that

number of nodes to allocate to that instance these nodes allocate the amount

instance these nodes allocate the amount of cpu memory and storage needed for

of cpu memory and storage needed for your instance to either increase

your instance to either increase throughput or storage capacity there is

throughput or storage capacity there is no instance types to choose from like

no instance types to choose from like cloud sql and so when you need more

cloud sql and so when you need more power you simply add another node now

power you simply add another node now for any regional configuration cloud

for any regional configuration cloud spanner maintains exactly three read

spanner maintains exactly three read write replicas each within a different

write replicas each within a different zone in that region each read write

zone in that region each read write replica contains a full copy of your

replica contains a full copy of your operational database that is able to

operational database that is able to serve rewrite and read only requests

serve rewrite and read only requests cloud spanner uses replicas in different

cloud spanner uses replicas in different zones so that if a single zone failure

zones so that if a single zone failure occurs your database remains available

occurs your database remains available in a multi-region instance configuration

in a multi-region instance configuration the instance is allotted a combination

the instance is allotted a combination of four read write and read only

of four read write and read only replicas and just as a note a three node

replicas and just as a note a three node configuration minimum is what is

configuration minimum is what is recommended for production by google and

recommended for production by google and as cloud spanner gets populated with

as cloud spanner gets populated with data

data sharding happens which is also known as

sharding happens which is also known as a split and cloud spanner creates

a split and cloud spanner creates replicas of each database split to

replicas of each database split to improve performance and availability all

improve performance and availability all of the data in a split is physically

of the data in a split is physically stored together in a replica and cloud

stored together in a replica and cloud spanner serves each replica out of an

spanner serves each replica out of an independent failure zone and within each

independent failure zone and within each replica set

replica set one replica is elected to act as the

one replica is elected to act as the leader leader replicas are responsible

leader leader replicas are responsible for handling rights while any read write

for handling rights while any read write or read only replica can serve a read

or read only replica can serve a read request without communicating with the

request without communicating with the leader and so this is the inner workings

leader and so this is the inner workings of cloud spanner at a high level and not

of cloud spanner at a high level and not meant to confuse you but to give you a

meant to confuse you but to give you a better context of how cloud spanner

better context of how cloud spanner although it is a relational sql database

although it is a relational sql database is so different than its cloud sql

is so different than its cloud sql cousin now before ending this lesson i

cousin now before ending this lesson i wanted to touch on node performance for

wanted to touch on node performance for a quick moment and so each cloud spanner

a quick moment and so each cloud spanner node can provide up to 10 000 queries

node can provide up to 10 000 queries per second or qps of reads or 2000 qps

per second or qps of reads or 2000 qps of writes each node provides up to two

of writes each node provides up to two terabytes of storage and so if you need

terabytes of storage and so if you need to scale up the serving and storage

to scale up the serving and storage resources in your instance you add more

resources in your instance you add more nodes to that instance

nodes to that instance and remember as noted earlier that

and remember as noted earlier that adding a node does not increase the

adding a node does not increase the number of replicas but rather increases

number of replicas but rather increases the resources each replica has in the

the resources each replica has in the instance adding nodes gives each replica

instance adding nodes gives each replica more cpu and ram which increases the

more cpu and ram which increases the replicas throughput and so if you're

replicas throughput and so if you're looking to scale up automatically you

looking to scale up automatically you can scale the numbers of nodes in your

can scale the numbers of nodes in your instance based on the cloud monitoring

instance based on the cloud monitoring metrics on cpu or storage utilization

metrics on cpu or storage utilization in conjunction with using cloud

in conjunction with using cloud functions to trigger and so when you are

functions to trigger and so when you are deciding on a relational database that

deciding on a relational database that provides global distribution and

provides global distribution and horizontally scalable that handles

horizontally scalable that handles transactional workloads in google cloud

transactional workloads in google cloud cloud spanner will always be the obvious

cloud spanner will always be the obvious choice over cloud sql and so that's

choice over cloud sql and so that's pretty much all i have to cover when it

pretty much all i have to cover when it comes to this overview on cloud spanner

comes to this overview on cloud spanner so you can now mark this lesson as

so you can now mark this lesson as complete and let's move on to the next

complete and let's move on to the next one

one [Music]

[Music] welcome back and in this lesson we will

welcome back and in this lesson we will be going over the available nosql

be going over the available nosql databases available in google cloud this

databases available in google cloud this lesson is meant to be another overview

lesson is meant to be another overview just to familiarize you with the nosql

just to familiarize you with the nosql database options as they show up in the

database options as they show up in the exam this lesson is not meant to go in

exam this lesson is not meant to go in depth on databases but an overview and

depth on databases but an overview and will give you a good understanding on

will give you a good understanding on what features are available for each

what features are available for each and their use cases so with that being

and their use cases so with that being said let's dive in now there are four

said let's dive in now there are four managed nosql databases available in

managed nosql databases available in google cloud and i will be briefly going

google cloud and i will be briefly going over them and i'll be starting this off

over them and i'll be starting this off by discussing bigtable

by discussing bigtable now cloud bigtable is a fully managed

now cloud bigtable is a fully managed wide column nosql database designed for

wide column nosql database designed for terabyte and petabyte scale workloads

terabyte and petabyte scale workloads that offers low latency and high

that offers low latency and high throughput bigtable is built for

throughput bigtable is built for real-time application serving workloads

real-time application serving workloads as well as large-scale analytical

as well as large-scale analytical workloads cloud bigtable is a regional

workloads cloud bigtable is a regional service and if using replication a copy

service and if using replication a copy is stored in a different zone or region

is stored in a different zone or region for durability cloud bigtable is

for durability cloud bigtable is designed for storing very large amounts

designed for storing very large amounts of single keyed data while still being

of single keyed data while still being able to provide very low latency and

able to provide very low latency and because throughput scales linearly you

because throughput scales linearly you can increase the queries per second by

can increase the queries per second by adding more bigtable nodes when you need

adding more bigtable nodes when you need them bigtable throughput can be

them bigtable throughput can be dynamically adjusted by adding or

dynamically adjusted by adding or removing cluster nodes without

removing cluster nodes without restarting meaning you can increase the

restarting meaning you can increase the size of a bigtable cluster for just a

size of a bigtable cluster for just a few hours to handle a large load and

few hours to handle a large load and then reduce the cluster size again and

then reduce the cluster size again and do it all without any downtime bigtable

do it all without any downtime bigtable is an ideal source

is an ideal source for map reduce operations and integrates

for map reduce operations and integrates easily with all the existing big data

easily with all the existing big data tools such as hadoop dataproc and

tools such as hadoop dataproc and dataflow along with apache hbase and

dataflow along with apache hbase and when it comes to price bigtable is

when it comes to price bigtable is definitely no joke pricing for bigtable

definitely no joke pricing for bigtable starts at 65 cents per hour per node

starts at 65 cents per hour per node or over 450 dollars a month for a one

or over 450 dollars a month for a one node configuration with no data now you

node configuration with no data now you can use bigtable to store and query all

can use bigtable to store and query all of the following types of data such as

of the following types of data such as cpu and memory usage over time for

cpu and memory usage over time for multiple servers marketing data such as

multiple servers marketing data such as purchase histories and customer

purchase histories and customer preferences financial data such as

preferences financial data such as transaction histories stock prices and

transaction histories stock prices and currency exchange rates iot data or

currency exchange rates iot data or internet of things such as usage reports

internet of things such as usage reports from energy meters and home appliances

from energy meters and home appliances and lastly graph data such as

and lastly graph data such as information about how users are

information about how users are connected to one another cloud bigtable

connected to one another cloud bigtable excels as a storage engine as it can

excels as a storage engine as it can batch mapreduce operations

batch mapreduce operations stream processing or analytics as well

stream processing or analytics as well as being used for storage for machine

as being used for storage for machine learning applications now moving on to

learning applications now moving on to the next nosql database is cloud

the next nosql database is cloud datastore and cloud datastore is a

datastore and cloud datastore is a highly scalable nosql document database

highly scalable nosql document database built for automatic scaling high

built for automatic scaling high performance and ease of application

performance and ease of application development datastore is redundant

development datastore is redundant within your location

within your location to minimize impact from points of

to minimize impact from points of failures and therefore can offer high

failures and therefore can offer high availability of reads and rights cloud

availability of reads and rights cloud datastore can execute atomic

datastore can execute atomic transactions where a set of operations

transactions where a set of operations either all succeed or none occur cloud

either all succeed or none occur cloud datastore uses a distributed

datastore uses a distributed architecture to automatically manage

architecture to automatically manage scaling so you never have to worry about

scaling so you never have to worry about scaling manually as well what's very

scaling manually as well what's very unique about cloud datastore is that it

unique about cloud datastore is that it has a sql-like query language that's

has a sql-like query language that's available called gql also known as gql

available called gql also known as gql gql maps roughly to sql however a sql

gql maps roughly to sql however a sql role column lookup is limited to a

role column lookup is limited to a single value whereas in gql a property

single value whereas in gql a property can be a multiple value property this

can be a multiple value property this consistency model allows an application

consistency model allows an application to handle large amounts of data and

to handle large amounts of data and users while still being able to deliver

users while still being able to deliver a great user experience data is

a great user experience data is automatically encrypted before it is

automatically encrypted before it is written to disk and automatically

written to disk and automatically decrypted when read by an authorized

decrypted when read by an authorized user now this does not reflect in the

user now this does not reflect in the exam as of yet and i will be updating

exam as of yet and i will be updating this lesson if and when it happens but

this lesson if and when it happens but firestore is the newest version of

firestore is the newest version of datastore and introduces several

datastore and introduces several improvements over datastore existing

improvements over datastore existing datastore users can access these

datastore users can access these improvements by creating a new firestore

improvements by creating a new firestore database instance in datastore mode and

database instance in datastore mode and in the near future all existing

in the near future all existing datastore databases will be

datastore databases will be automatically upgraded to firestore in

automatically upgraded to firestore in datastore mode now moving right along

datastore mode now moving right along cloud datastore holds a really cool

cloud datastore holds a really cool feature for developers that's called

feature for developers that's called datastore emulator and this provides

datastore emulator and this provides local emulation of the production

local emulation of the production datastore environment so that you can

datastore environment so that you can use to develop and test your application

use to develop and test your application locally this is a component of the

locally this is a component of the google cloud sdks gcloud tool and can be

google cloud sdks gcloud tool and can be installed by using the gcloud components

installed by using the gcloud components install command that we discussed

install command that we discussed earlier on in the course and so moving

earlier on in the course and so moving on to use cases for datastore

on to use cases for datastore it is ideal for applications that rely

it is ideal for applications that rely on highly available structured data at

on highly available structured data at scale you can use datastore for things

scale you can use datastore for things like product catalogs that provide

like product catalogs that provide real-time inventory and product details

real-time inventory and product details for a retailer user profiles that

for a retailer user profiles that deliver a customized experience based on

deliver a customized experience based on the user's past activities and

the user's past activities and preferences

preferences as well as transactions based on asset

as well as transactions based on asset properties for example transferring

properties for example transferring funds from one bank account to another

funds from one bank account to another next up we have firestore for firebase

next up we have firestore for firebase and so this is a flexible scalable nosql

and so this is a flexible scalable nosql cloud database to store and sync data

cloud database to store and sync data for client and server side development

for client and server side development and is available for native c plus unity

and is available for native c plus unity node.js java go and python sdks

node.js java go and python sdks in addition to rest and rpc apis pretty

in addition to rest and rpc apis pretty much covering the gamut of most major

much covering the gamut of most major programming languages now with cloud

programming languages now with cloud firestore you store data in documents

firestore you store data in documents that contain fields mapping to values

that contain fields mapping to values these documents are stored in

these documents are stored in collections which are containers for

collections which are containers for your documents that you can use to

your documents that you can use to organize your data and build queries

organize your data and build queries documents support many different data

documents support many different data types as well you can also create sub

types as well you can also create sub collections within documents and build

collections within documents and build hierarchical data structures cloud

hierarchical data structures cloud firestore is serverless with absolutely

firestore is serverless with absolutely no servers to manage update or maintain

no servers to manage update or maintain and with automatic multi-region

and with automatic multi-region replication and strong consistency

replication and strong consistency google is able to hold

google is able to hold a five nines availability guarantee and

a five nines availability guarantee and so when it comes to querying in cloud

so when it comes to querying in cloud firestore it is expressive efficient and

firestore it is expressive efficient and flexible you can create shallow queries

flexible you can create shallow queries to retrieve data at the document level

to retrieve data at the document level without needing to retrieve the entire

without needing to retrieve the entire collection or any nested subcollections

collection or any nested subcollections cloud firestore uses data

cloud firestore uses data synchronization to update data in real

synchronization to update data in real time for any connected device as well it

time for any connected device as well it also caches data that your application

also caches data that your application is actively using so that the

is actively using so that the application can write read listen to and

application can write read listen to and query data even if the device is offline

query data even if the device is offline when the device comes back online cloud

when the device comes back online cloud firestore synchronizes any local changes

firestore synchronizes any local changes back to cloud firestore you can also

back to cloud firestore you can also secure your data in cloud firestore with

secure your data in cloud firestore with firebase authentication and cloud

firebase authentication and cloud firestore security rules for android ios

firestore security rules for android ios and javascript or you can use iam for

and javascript or you can use iam for server side languages and when it comes

server side languages and when it comes to costs firestore falls into the always

to costs firestore falls into the always available free tier where you can use

available free tier where you can use one database holding five gigabytes or

one database holding five gigabytes or if you need more you can move into their

if you need more you can move into their paid option now firebase also has

paid option now firebase also has another database sharing similar

another database sharing similar features like having no servers to

features like having no servers to deploy and maintain real-time updates

deploy and maintain real-time updates along with the free tier in this

along with the free tier in this database is called real time database

database is called real time database and is used for more basic querying

and is used for more basic querying simple data structure and keeping things

simple data structure and keeping things to one database

to one database it's something i like to call firestore

it's something i like to call firestore lite real time database does not show up

lite real time database does not show up in the exam but i wanted to bring it to

in the exam but i wanted to bring it to light as it is part of the firebase

light as it is part of the firebase family just know that you can use both

family just know that you can use both databases within the same firebase

databases within the same firebase application or project as both can store

application or project as both can store the same types of data client libraries

the same types of data client libraries work in a similar manner and both hold

work in a similar manner and both hold real-time updates now although firebase

real-time updates now although firebase is a development platform and not a

is a development platform and not a database service i wanted to give it a

database service i wanted to give it a quick mention for those of you who are

quick mention for those of you who are unfamiliar with the tie-in to firestore

unfamiliar with the tie-in to firestore with firebase firebase is a mobile

with firebase firebase is a mobile application development platform that

application development platform that provides tools and cloud services to

provides tools and cloud services to help enable developers to develop

help enable developers to develop applications faster and more easily and

applications faster and more easily and since it ties in nicely with firestore

since it ties in nicely with firestore it becomes the perfect platform for

it becomes the perfect platform for mobile application development okay so

mobile application development okay so moving on to our last nosql database is

moving on to our last nosql database is memorystore and memorystore is a fully

memorystore and memorystore is a fully managed service from google cloud for

managed service from google cloud for either redis or memcached in memory

either redis or memcached in memory datastore to build application caches

datastore to build application caches and this is a common service used in

and this is a common service used in many production environments

many production environments specifically when the need for caching

specifically when the need for caching arises memory store automates the

arises memory store automates the administration tasks for redis and

administration tasks for redis and memcached like enabling high

memcached like enabling high availability failover patching and

availability failover patching and monitoring so you don't have to and when

monitoring so you don't have to and when it comes to memory store for redis

it comes to memory store for redis instances in the standard tier these are

instances in the standard tier these are replicated across zones

replicated across zones monitored for health and have fast

monitored for health and have fast automatic failover standard tier

automatic failover standard tier instances also provide an sla of three

instances also provide an sla of three nines availability memory store for

nines availability memory store for redis also provides the ability to scale

redis also provides the ability to scale instant sizes seamlessly so that you can

instant sizes seamlessly so that you can start small and increase the size of the

start small and increase the size of the instance as needed memory store is

instance as needed memory store is protected from the internet using vpc

protected from the internet using vpc networks and private ip and also comes

networks and private ip and also comes with iam integration systems are

with iam integration systems are monitored around the clock ensuring that

monitored around the clock ensuring that your data is protected at all times and

your data is protected at all times and know that the versions are always kept

know that the versions are always kept up to date with the latest critical

up to date with the latest critical patches ensuring your instances are

patches ensuring your instances are secure now when it comes to use cases of

secure now when it comes to use cases of course the first thing you will see is

course the first thing you will see is caching and this is the main reason to

caching and this is the main reason to use memory store as it provides low

use memory store as it provides low latency access and high throughput for

latency access and high throughput for heavily accessed data compared to

heavily accessed data compared to accessing the data from a disk common

accessing the data from a disk common examples of caching is session

examples of caching is session management frequently accessed queries

management frequently accessed queries scripts or pages so when using memory

scripts or pages so when using memory store for leaderboards and gaming this

store for leaderboards and gaming this is a common use case in the gaming

is a common use case in the gaming industry as well as using it for player

industry as well as using it for player profiles memory store is also a perfect

profiles memory store is also a perfect solution for stream processing combined

solution for stream processing combined with data flow memory store for redis

with data flow memory store for redis provides a scalable fast in memory store

provides a scalable fast in memory store for storing intermediate data that

for storing intermediate data that thousands of clients can access with

thousands of clients can access with very low latency and so when it comes to

very low latency and so when it comes to nosql databases these are all the

nosql databases these are all the available options on google cloud and as

available options on google cloud and as i said before it will only show up on

i said before it will only show up on the exam at merely a high level and so

the exam at merely a high level and so knowing what each of these databases are

knowing what each of these databases are used for

used for will be a huge benefit along with being

will be a huge benefit along with being an entry to diving deeper into possibly

an entry to diving deeper into possibly using these services within your

using these services within your day-to-day job as a cloud engineer and

day-to-day job as a cloud engineer and so that's pretty much all i wanted to

so that's pretty much all i wanted to cover when it comes to nosql databases

cover when it comes to nosql databases available in google cloud so you can now

available in google cloud so you can now mark this lesson as complete and let's

mark this lesson as complete and let's move on to the next one

move on to the next one [Music]

[Music] welcome back and in this lesson we'll be

welcome back and in this lesson we'll be going over the big data ecosystem in an

going over the big data ecosystem in an overview just to familiarize you with

overview just to familiarize you with the services that are available in

the services that are available in google cloud and are the services that

google cloud and are the services that will show up in the exam this lesson is

will show up in the exam this lesson is not meant to go in depth but is an

not meant to go in depth but is an overview and will give you a good

overview and will give you a good understanding on what these services can

understanding on what these services can do and how they all work together to

do and how they all work together to make sense of big data as a whole

make sense of big data as a whole so getting right into it i wanted to

so getting right into it i wanted to first ask the question what is big data

first ask the question what is big data i mean many people talk about it but

i mean many people talk about it but what is it really well big data refers

what is it really well big data refers to massive amounts of data that would

to massive amounts of data that would typically be too expensive to store

typically be too expensive to store manage and analyze using traditional

manage and analyze using traditional database systems either relational or

database systems either relational or monolithic as the amount of data that we

monolithic as the amount of data that we have been seeing over the past few years

have been seeing over the past few years has started to increase these systems

has started to increase these systems have become very inefficient because of

have become very inefficient because of their lack of flexibility for storing

their lack of flexibility for storing unstructured data such as images text or

unstructured data such as images text or video as well as accommodating high

video as well as accommodating high velocity or real-time data or scaling to

velocity or real-time data or scaling to support very large

support very large petabyte scale data volumes for this

petabyte scale data volumes for this reason the past few years has seen the

reason the past few years has seen the mainstream adoption of new approaches to

mainstream adoption of new approaches to managing and processing big data

managing and processing big data including apache hadoop and nosql

including apache hadoop and nosql database systems however those options

database systems however those options often prove to be complex to deploy

often prove to be complex to deploy manage and use in an on-premises

manage and use in an on-premises situation

situation now the ability to consistently get

now the ability to consistently get business value from data

business value from data fast and efficiently is now becoming the

fast and efficiently is now becoming the de facto of successful organizations

de facto of successful organizations across every industry the more data a

across every industry the more data a company has access to the more business

company has access to the more business insights and business value they're able

insights and business value they're able to achieve

to achieve like gain useful insights increase

like gain useful insights increase revenue

revenue get or retain customers and even improve

get or retain customers and even improve operations and because machine learning

operations and because machine learning models get more efficient as they are

models get more efficient as they are trained with more data machine learning

trained with more data machine learning and big data are highly complementary

and big data are highly complementary all in all big data brings some really

all in all big data brings some really great value to the table that is

great value to the table that is impossible for any organization to turn

impossible for any organization to turn down and so now that we've gone through

down and so now that we've gone through that overview of what big data is i

that overview of what big data is i wanted to dive into some shorter

wanted to dive into some shorter overviews of the services available for

overviews of the services available for the big data ecosystem on google cloud

the big data ecosystem on google cloud and so the first service that i'd like

and so the first service that i'd like to start with is bigquery now bigquery

to start with is bigquery now bigquery is a fully managed serverless data

is a fully managed serverless data warehouse that enables scalable analysis

warehouse that enables scalable analysis over petabytes of data this service

over petabytes of data this service supports querying using sql and holds

supports querying using sql and holds built-in machine learning capabilities

built-in machine learning capabilities you start by ingesting data into

you start by ingesting data into bigquery and then you are able to take

bigquery and then you are able to take advantage of all the power it provides

advantage of all the power it provides so big data would ingest that data by

so big data would ingest that data by doing a batch upload or by streaming it

doing a batch upload or by streaming it in real time and you can use any of the

in real time and you can use any of the currently available google cloud

currently available google cloud services to load data into bigquery you

services to load data into bigquery you can take a manual batch ingestion

can take a manual batch ingestion approach

approach or stream using pub sub etl data and

or stream using pub sub etl data and with bigquery data transfer service you

with bigquery data transfer service you can automatically transfer data from

can automatically transfer data from external google data sources and partner

external google data sources and partner sas applications to bigquery on a

sas applications to bigquery on a scheduled and fully managed basis and

scheduled and fully managed basis and the best part is batch and export is

the best part is batch and export is free bigquery's high-speed streaming api

free bigquery's high-speed streaming api provides an incredible foundation for

provides an incredible foundation for real-time analytics making business data

real-time analytics making business data immediately available for analysis and

immediately available for analysis and you can also leverage pub sub and data

you can also leverage pub sub and data flow to stream data into bigquery

flow to stream data into bigquery bigquery transparently and automatically

bigquery transparently and automatically provides highly durable replicated

provides highly durable replicated storage in multiple locations for high

storage in multiple locations for high availability as well as being able to

availability as well as being able to achieve easy resource bigquery keeps a

achieve easy resource bigquery keeps a seven day history of changes in case

seven day history of changes in case something were to go wrong bigquery

something were to go wrong bigquery supports standard sql querying which

supports standard sql querying which reduces the need for code rewrites you

reduces the need for code rewrites you can simply use it as you would for

can simply use it as you would for querying any other sql compliant

querying any other sql compliant database and with dataproc and dataflow

database and with dataproc and dataflow bigquery provides integration with the

bigquery provides integration with the apache big data ecosystem allowing

apache big data ecosystem allowing existing hadoop spark and beam workloads

existing hadoop spark and beam workloads to read or write data directly from

to read or write data directly from bigquery using the storage api bigquery

bigquery using the storage api bigquery also makes it very easy to access this

also makes it very easy to access this data by using the cloud console using

data by using the cloud console using the bq command line tool or making calls

the bq command line tool or making calls to the bigquery rest api using a variety

to the bigquery rest api using a variety of client libraries such as java.net or

of client libraries such as java.net or python there are also a variety of

python there are also a variety of third-party tools that you can use to

third-party tools that you can use to interact with bigquery when visualizing

interact with bigquery when visualizing the data or loading the data bigquery

the data or loading the data bigquery provides strong security and governance

provides strong security and governance controls with fine-grained controls

controls with fine-grained controls through integration with identity and

through integration with identity and access management bigquery gives you the

access management bigquery gives you the option of geographic data control

option of geographic data control without the headaches of setting up and

without the headaches of setting up and managing clusters and other computing

managing clusters and other computing resources in different zones and regions

resources in different zones and regions bigquery also provides fine grain

bigquery also provides fine grain identity and access management and rest

identity and access management and rest assured that your data is always

assured that your data is always encrypted at rest and in transit now the

encrypted at rest and in transit now the way that bigquery calculates billing

way that bigquery calculates billing charges is by queries and by storage

charges is by queries and by storage storing data in bigquery is comparable

storing data in bigquery is comparable in price with storing data in cloud

in price with storing data in cloud storage which makes it an easy decision

storage which makes it an easy decision for storing data in bigquery there is no

for storing data in bigquery there is no upper limit to the amount of data that

upper limit to the amount of data that can be stored in bigquery so if tables

can be stored in bigquery so if tables are not edited for 90 days the price of

are not edited for 90 days the price of storage for that table drops by 50

storage for that table drops by 50 percent query costs are also available

percent query costs are also available as on-demand and flat rate pricing and

as on-demand and flat rate pricing and when it comes to on-demand pricing you

when it comes to on-demand pricing you are only charged for bytes read not

are only charged for bytes read not bytes returned in the end bigquery

bytes returned in the end bigquery scales seamlessly to store and analyze

scales seamlessly to store and analyze petabytes to exabytes of data with ease

petabytes to exabytes of data with ease now there are so many more features to

now there are so many more features to list but if you are interested feel free

list but if you are interested feel free to dive into the other features with the

to dive into the other features with the supplied link in the lesson text now

supplied link in the lesson text now moving on to the next service is pub sub

moving on to the next service is pub sub and pub sub is a fully managed real-time

and pub sub is a fully managed real-time messaging service that allows you to

messaging service that allows you to send and receive messages between

send and receive messages between independent applications it acts as

independent applications it acts as messaging oriented middleware or event

messaging oriented middleware or event ingestion and delivery for streaming

ingestion and delivery for streaming analytics pipelines and so a publisher

analytics pipelines and so a publisher application creates and send messages to

application creates and send messages to a topic subscriber applications create a

a topic subscriber applications create a subscription to a topic and receives

subscription to a topic and receives messages from it and so i wanted to take

messages from it and so i wanted to take a moment to show you exactly how it

a moment to show you exactly how it works

works so first the publisher creates messages

so first the publisher creates messages and sends them to the messaging service

and sends them to the messaging service on a specified topic a topic is a named

on a specified topic a topic is a named entity that represents a feed of

entity that represents a feed of messages a publisher application creates

messages a publisher application creates a topic in the pub sub service and sends

a topic in the pub sub service and sends messages to that topic a message

messages to that topic a message contains a payload and optional

contains a payload and optional attributes that describe the content the

attributes that describe the content the service as a whole ensures that

service as a whole ensures that published messages are retained on

published messages are retained on behalf of subscriptions and so a

behalf of subscriptions and so a published message is retained for a

published message is retained for a subscription in a message queue shown

subscription in a message queue shown here as message storage until it is

here as message storage until it is acknowledged by any subscriber consuming

acknowledged by any subscriber consuming messages from that subscription pub sub

messages from that subscription pub sub then forwards messages from a topic to

then forwards messages from a topic to all of its subscriptions individually a

all of its subscriptions individually a subscriber then receives messages either

subscriber then receives messages either by pub sub pushing them to the

by pub sub pushing them to the subscriber's chosen endpoint or by the

subscriber's chosen endpoint or by the subscriber pulling them from the service

subscriber pulling them from the service the subscriber then sends an

the subscriber then sends an acknowledgement to the pub sub service

acknowledgement to the pub sub service for each received message the service

for each received message the service then removes acknowledged messages from

then removes acknowledged messages from the subscriptions message queue and some

the subscriptions message queue and some of the use cases for pub sub is

of the use cases for pub sub is balancing large task queues distributing

balancing large task queues distributing event notifications and real-time data

event notifications and real-time data streaming from various sources and so

streaming from various sources and so the next service that i wanted to get

the next service that i wanted to get into is composer now composer is a

into is composer now composer is a managed workflow orchestration service

managed workflow orchestration service that is built on apache airflow this is

that is built on apache airflow this is a workflow automation tool for

a workflow automation tool for developers that's based on the open

developers that's based on the open source apache airflow project similar to

source apache airflow project similar to an on-premises deployment cloud composer

an on-premises deployment cloud composer deploys multiple components to run

deploys multiple components to run airflow in the cloud airflow is a

airflow in the cloud airflow is a platform

platform created by the community to

created by the community to programmatically author schedule and

programmatically author schedule and monitor workflows the airflow scheduler

monitor workflows the airflow scheduler as you see here executes the tasks on an

as you see here executes the tasks on an array of workers while following the

array of workers while following the specified dependencies and storing the

specified dependencies and storing the data in a database and having a ui

data in a database and having a ui component for easy management now

component for easy management now breaking down these workflows for just a

breaking down these workflows for just a sec in data analytics a workflow

sec in data analytics a workflow represents a series of tasks for

represents a series of tasks for ingesting transforming analyzing or

ingesting transforming analyzing or utilizing data in airflow workflows are

utilizing data in airflow workflows are created using dags which are a

created using dags which are a collection of tasks that you want to

collection of tasks that you want to schedule and run

schedule and run and organizes these tasks to ensure that

and organizes these tasks to ensure that each task is executed at the right time

each task is executed at the right time in the right order or with the right

in the right order or with the right issue handling now in order to run the

issue handling now in order to run the specialized workflows

specialized workflows provision environments are needed and so

provision environments are needed and so composer deploys these self-contained

composer deploys these self-contained environments on google kubernetes engine

environments on google kubernetes engine that work with other google cloud

that work with other google cloud services using connectors built into

services using connectors built into airflow the beauty of composer is that

airflow the beauty of composer is that you can create one or more of these

you can create one or more of these environments in a single google cloud

environments in a single google cloud project using any supported region

project using any supported region without having to do all the heavy

without having to do all the heavy lifting of creating a full-blown apache

lifting of creating a full-blown apache airflow environment now when it comes to

airflow environment now when it comes to data flow dataflow is a serverless fully

data flow dataflow is a serverless fully managed processing service for executing

managed processing service for executing apache beam pipelines for batch and

apache beam pipelines for batch and real-time data streaming the apache beam

real-time data streaming the apache beam sdk is an open source programming model

sdk is an open source programming model that enables you to develop both batch

that enables you to develop both batch and streaming pipelines using one of the

and streaming pipelines using one of the apache beam sdks you build a program

apache beam sdks you build a program that defines the pipeline then one of

that defines the pipeline then one of apache beam's supported distributed

apache beam's supported distributed processing back-ends such as data flow

processing back-ends such as data flow executes that pipeline the data flow

executes that pipeline the data flow service then takes care of all the

service then takes care of all the low-level details like coordinating

low-level details like coordinating individual workers sharding data sets

individual workers sharding data sets auto scaling and exactly once processing

auto scaling and exactly once processing now in its simplest form google cloud

now in its simplest form google cloud data flow reads the data from a source

data flow reads the data from a source transforms it and then writes the data

transforms it and then writes the data back to a sink now getting a bit more

back to a sink now getting a bit more granular with how this pipeline works

granular with how this pipeline works data flow reads the data presented from

data flow reads the data presented from a data source

a data source once the data has been read it is put

once the data has been read it is put together into a collection of data sets

together into a collection of data sets called a p collection and this allows

called a p collection and this allows the data to be read distributed and

the data to be read distributed and processed across multiple machines now

processed across multiple machines now at each step in which the data is

at each step in which the data is transformed a new p collection is

transformed a new p collection is created and once the final collection

created and once the final collection has been created it is written to async

has been created it is written to async and this is the full pipeline of how

and this is the full pipeline of how data goes from source to sync this

data goes from source to sync this pipeline within data flow is called a

pipeline within data flow is called a job and finally here is a high-level

job and finally here is a high-level overview of what a data flow job would

overview of what a data flow job would look like when you involve other

look like when you involve other services within google cloud and put

services within google cloud and put together in an end-to-end solution from

together in an end-to-end solution from retrieving the data to visualizing it

retrieving the data to visualizing it and finally when it comes to pricing

and finally when it comes to pricing data flow jobs are billed in per second

data flow jobs are billed in per second increments so you're only charged for

increments so you're only charged for when you are processing your data now

when you are processing your data now moving on to data proc this is a fast

moving on to data proc this is a fast and easy way to run spark hadoop hive or

and easy way to run spark hadoop hive or pig on google cloud in an on-premises

pig on google cloud in an on-premises environment it takes 5 to 30 minutes to

environment it takes 5 to 30 minutes to create spark and hadoop clusters data

create spark and hadoop clusters data proc clusters take 90 seconds or less on

proc clusters take 90 seconds or less on average to be built in google cloud

average to be built in google cloud dataproc has built-in integration with

dataproc has built-in integration with other google cloud platform services and

other google cloud platform services and use spark and hadoop clusters without

use spark and hadoop clusters without any admin assistance so when you're done

any admin assistance so when you're done with the cluster you can simply turn it

with the cluster you can simply turn it off so you don't spend money on an idle

off so you don't spend money on an idle cluster as well there's no need to worry

cluster as well there's no need to worry about data loss because data proc is

about data loss because data proc is integrated with cloud storage bigquery

integrated with cloud storage bigquery and cloud bigtable the great thing about

and cloud bigtable the great thing about dataproc is you don't need to learn new

dataproc is you don't need to learn new tools or apis to use it

tools or apis to use it spark hadoop pig and hive are all

spark hadoop pig and hive are all supported and frequently updated and

supported and frequently updated and when it comes to pricing you are billed

when it comes to pricing you are billed at one cent per vcpu in your cluster per

at one cent per vcpu in your cluster per hour on top of the other resources you

hour on top of the other resources you use you also have the flexibility of

use you also have the flexibility of using preemptable instances for even

using preemptable instances for even lower compute cost now although cloud

lower compute cost now although cloud data proc and cloud data flow can both

data proc and cloud data flow can both be used to implement etl data

be used to implement etl data warehousing solutions they each have

warehousing solutions they each have their strengths and weaknesses and so i

their strengths and weaknesses and so i wanted to take a quick moment to point

wanted to take a quick moment to point them out now with dataproc you can

them out now with dataproc you can easily spin up clusters through the

easily spin up clusters through the console the sdk or the api and turn it

console the sdk or the api and turn it off when you don't need it with dataflow

off when you don't need it with dataflow it is serverless and fully managed so

it is serverless and fully managed so there are never any servers to worry

there are never any servers to worry about and when it comes to having any

about and when it comes to having any dependencies to tools in the hadoop or

dependencies to tools in the hadoop or spark ecosystem data proc would be the

spark ecosystem data proc would be the way to go but if you're looking to make

way to go but if you're looking to make your jobs more portable across different

your jobs more portable across different execution engines apache beam allows you

execution engines apache beam allows you to do this and is only available on data

to do this and is only available on data flow moving on to the next service is

flow moving on to the next service is cloud data lab now cloud data lab is an

cloud data lab now cloud data lab is an interactive developer tool created to

interactive developer tool created to explore analyze transform and visualize

explore analyze transform and visualize data and build machine learning models

data and build machine learning models from your data data lab uses open

from your data data lab uses open sourced jupyter notebooks a well-known

sourced jupyter notebooks a well-known format used in the world of data science

format used in the world of data science it runs on compute engine and connects

it runs on compute engine and connects to multiple cloud services easily so you

to multiple cloud services easily so you can focus on your data science tasks it

can focus on your data science tasks it also integrates with all of the google

also integrates with all of the google services that help you simplify data

services that help you simplify data processing like bigquery and cloud

processing like bigquery and cloud storage cloud data lab is packaged as a

storage cloud data lab is packaged as a container and run in a vm instance cloud

container and run in a vm instance cloud data lab uses notebooks instead of text

data lab uses notebooks instead of text files containing code notebooks bring

files containing code notebooks bring together code documentation written as

together code documentation written as markdown and the results of code

markdown and the results of code execution whether it's text image or

execution whether it's text image or html or javascript like a code editor or

html or javascript like a code editor or ide notebooks help you write code and

ide notebooks help you write code and they allow you to execute code in an

they allow you to execute code in an interactive and iterative manner

interactive and iterative manner rendering the results alongside the code

rendering the results alongside the code cloud data lab notebooks can be stored

cloud data lab notebooks can be stored in google cloud source repository this

in google cloud source repository this git repository is cloned onto persistent

git repository is cloned onto persistent disk when attached to the vm now when it

disk when attached to the vm now when it comes to prepping your data before

comes to prepping your data before consumption whether it be data cleansing

consumption whether it be data cleansing cleaning prepping or alteration this is

cleaning prepping or alteration this is where data prep hits it out of the park

where data prep hits it out of the park dataprep is a serverless intelligent

dataprep is a serverless intelligent data service for visually exploring

data service for visually exploring cleaning and preparing structured and

cleaning and preparing structured and unstructured data for analysis reporting

unstructured data for analysis reporting and machine learning it automatically

and machine learning it automatically detects schemas data types possible

detects schemas data types possible joins and anomalies such as missing

joins and anomalies such as missing values outliers and duplicates so you

values outliers and duplicates so you don't have to the architecture that i'm

don't have to the architecture that i'm about to show you is how data prep

about to show you is how data prep shines the raw data that's available

shines the raw data that's available from various different sources is

from various different sources is ingested into cloud data prep to clean

ingested into cloud data prep to clean and prepare the data data prep then

and prepare the data data prep then sends the data off to cloud data flow to

sends the data off to cloud data flow to refine that data and then sent off to

refine that data and then sent off to cloud storage or bigquery for storage

cloud storage or bigquery for storage before being analyzed by one of the many

before being analyzed by one of the many available bi tools now these big data

available bi tools now these big data services are used by many data analysts

services are used by many data analysts in the field and it's great to know what

in the field and it's great to know what services that can be used to help

services that can be used to help process the data needed for their

process the data needed for their specific job as well for the exam you

specific job as well for the exam you only need to know these services at a

only need to know these services at a high level and not to know them in depth

high level and not to know them in depth but if you seem interested in diving

but if you seem interested in diving into any of these services to know more

into any of these services to know more about them i highly encourage you to

about them i highly encourage you to dive in after the course and really take

dive in after the course and really take a look at them and that's pretty much

a look at them and that's pretty much all i have to cover in this lesson on

all i have to cover in this lesson on the services that are available for the

the services that are available for the big data ecosystem in google cloud so

big data ecosystem in google cloud so you can now mark this lesson as complete

you can now mark this lesson as complete and let's move on to the next one

and let's move on to the next one [Music]

[Music] welcome back

welcome back this lesson is going to be based on the

this lesson is going to be based on the foundation of machine learning i'm going

foundation of machine learning i'm going to go over what machine learning is what

to go over what machine learning is what it can do for us the machine learning

it can do for us the machine learning ecosystem on google cloud

ecosystem on google cloud and hopefully answer any questions along

and hopefully answer any questions along the way this lesson will be a high level

the way this lesson will be a high level overview of the services available on

overview of the services available on google cloud yet these services that are

google cloud yet these services that are available are a need to know as they

available are a need to know as they come up in the exam and hopefully will

come up in the exam and hopefully will give you some really cool ideas on the

give you some really cool ideas on the possibilities of building something

possibilities of building something truly fantastic on google cloud so what

truly fantastic on google cloud so what is machine learning

is machine learning well machine learning is functionality

well machine learning is functionality that helps enable software to perform

that helps enable software to perform tasks without any explicit programming

tasks without any explicit programming or rules traditionally considered a

or rules traditionally considered a subcategory of artificial intelligence

subcategory of artificial intelligence machine learning involves statistical

machine learning involves statistical techniques such as deep learning also

techniques such as deep learning also known as neural networks that are

known as neural networks that are inspired by theories about how the human

inspired by theories about how the human brain processes information it is

brain processes information it is trained to recognize patterns in

trained to recognize patterns in collected data using algorithmic models

collected data using algorithmic models and this collected data includes video

and this collected data includes video images speech or text and because

images speech or text and because machine learning is very expensive to

machine learning is very expensive to run on-premises

run on-premises is an efficient place

is an efficient place for machine learning due to the use of

for machine learning due to the use of massive computation at scale

massive computation at scale and as explained before machine learning

and as explained before machine learning is always better with big data so now i

is always better with big data so now i wanted to touch on what can machine

wanted to touch on what can machine learning do for us

learning do for us well it can categorize images such as

well it can categorize images such as photos faces or satellite imagery

photos faces or satellite imagery it can look for keywords in text

it can look for keywords in text documents or emails

documents or emails it can flag potentially fraudulent

it can flag potentially fraudulent transactions when it comes to credit

transactions when it comes to credit cards or debit cards it can enable

cards or debit cards it can enable software to respond accurately to voice

software to respond accurately to voice commands it can also translate languages

commands it can also translate languages in text or audio and these are just some

in text or audio and these are just some of the common functions that machine

of the common functions that machine learning can do for us so getting into

learning can do for us so getting into google's machine learning platform

google's machine learning platform itself machine learning has been a

itself machine learning has been a cornerstone of google's internal systems

cornerstone of google's internal systems for years primarily because their need

for years primarily because their need to automate data-driven systems on a

to automate data-driven systems on a massive scale

massive scale and doing this has provided unique

and doing this has provided unique insight into the right techniques

insight into the right techniques infrastructure and frameworks that help

infrastructure and frameworks that help their customers get optimal value out of

their customers get optimal value out of machine learning the originally

machine learning the originally developed open source framework for use

developed open source framework for use inside of google

inside of google called tensorflow

called tensorflow is now the standard in the data science

is now the standard in the data science community in addition to heavily

community in addition to heavily contributing to the academic and open

contributing to the academic and open source communities

source communities google's machine learning researchers

google's machine learning researchers helped bring that functionality into

helped bring that functionality into google products such as g suite search

google products such as g suite search and photos in addition to google's

and photos in addition to google's internal operations when it comes to

internal operations when it comes to data center automation

data center automation now here is an overview of all the

now here is an overview of all the machine learning services that we will

machine learning services that we will be covering and that you will need to

be covering and that you will need to know

know only at a high level for the exam and

only at a high level for the exam and we'll start off with the site api

we'll start off with the site api services

services starting with the vision api

starting with the vision api the vision api offers powerful

the vision api offers powerful pre-trained machine learning models

pre-trained machine learning models that allow you to assign labels to

that allow you to assign labels to images

images and quickly classify them into millions

and quickly classify them into millions of pre-defined categories

of pre-defined categories vision api

vision api can read printed and handwritten text it

can read printed and handwritten text it can detect objects and faces

can detect objects and faces and build metadata into an image catalog

and build metadata into an image catalog of your choice now when it comes to

of your choice now when it comes to video intelligence

video intelligence it has pre-trained machine learning

it has pre-trained machine learning models that automatically recognizes

models that automatically recognizes more than 20 000 objects

more than 20 000 objects places and actions in stored and

places and actions in stored and streaming video you can gain insights

streaming video you can gain insights from video in near real time using the

from video in near real time using the video intelligence streaming video apis

video intelligence streaming video apis and trigger events based on objects

and trigger events based on objects detected you can easily search a video

detected you can easily search a video catalog the same way you search text

catalog the same way you search text documents and extract metadata that can

documents and extract metadata that can be used to index organize and search

be used to index organize and search video content

video content now moving on to the language apis

now moving on to the language apis we start off with the natural language

we start off with the natural language api and this uses machine learning to

api and this uses machine learning to reveal the structure and meaning of text

reveal the structure and meaning of text you can extract information about people

you can extract information about people places and events

places and events and better understand social media

and better understand social media sentiment and customer conversations

sentiment and customer conversations natural language enables you to analyze

natural language enables you to analyze text and also integrate it with your

text and also integrate it with your document storage on cloud storage now

document storage on cloud storage now with the translation api it enables you

with the translation api it enables you to dynamically translate between

to dynamically translate between languages using google's pre-trained or

languages using google's pre-trained or custom machine learning models

custom machine learning models translation api

translation api instantly translates text into more than

instantly translates text into more than 100 languages for your website and apps

100 languages for your website and apps with optional customization features

with optional customization features following another grouping of machine

following another grouping of machine learning is the conversation apis first

learning is the conversation apis first up we have dialog flow dialog flow is a

up we have dialog flow dialog flow is a natural language understanding platform

natural language understanding platform that makes it easy to design and

that makes it easy to design and integrate a conversational user

integrate a conversational user interface into your application or

interface into your application or device it could be a mobile app a web

device it could be a mobile app a web application a bot or an interactive

application a bot or an interactive voice response system using dialogflow

voice response system using dialogflow you can provide new and engaging ways

you can provide new and engaging ways for users to interact with your product

for users to interact with your product dialogflow can analyze multiple types of

dialogflow can analyze multiple types of input from your customers

input from your customers including text or audio inputs

including text or audio inputs like from a phone or voice recording and

like from a phone or voice recording and it can also respond to your customers in

it can also respond to your customers in a couple of ways either through text or

a couple of ways either through text or with synthetic speech now with the

with synthetic speech now with the speech-to-text api this api accurately

speech-to-text api this api accurately converts speech into text it can

converts speech into text it can transcribe content with accurate

transcribe content with accurate captions and deliver better user

captions and deliver better user experience in products through voice

experience in products through voice commands going the other way from text

commands going the other way from text to speech this api enables developers to

to speech this api enables developers to synthesize natural sounding speech with

synthesize natural sounding speech with over a hundred different voices

over a hundred different voices available in multiple languages and

available in multiple languages and variants text to speech

variants text to speech allows you to create lifelike

allows you to create lifelike interactions with their users across

interactions with their users across many applications and devices and to

many applications and devices and to finish off our machine learning segment

finish off our machine learning segment i wanted to touch on auto ml automl is a

i wanted to touch on auto ml automl is a suite of machine learning products that

suite of machine learning products that enables developers with very limited

enables developers with very limited machine learning expertise

machine learning expertise to train high quality models specific to

to train high quality models specific to their business needs in other words

their business needs in other words using automl allows making deep learning

using automl allows making deep learning easier to use and relies on google's

easier to use and relies on google's state-of-the-art transfer learning and

state-of-the-art transfer learning and neural architecture search technology so

neural architecture search technology so you can now generate high quality

you can now generate high quality training data and be able to deploy new

training data and be able to deploy new models based on your data in minutes

models based on your data in minutes automl is available for vision

automl is available for vision video intelligence translation

video intelligence translation natural language tables

natural language tables inference and recommendation apis

inference and recommendation apis now i know this has been a lot to cover

now i know this has been a lot to cover for this machine learning lesson and the

for this machine learning lesson and the ecosystem around it but is a necessity

ecosystem around it but is a necessity for the exam and will also help you

for the exam and will also help you build really cool products when it comes

build really cool products when it comes to your role as an engineer again all

to your role as an engineer again all the services that i have discussed in

the services that i have discussed in this lesson should be known at a high

this lesson should be known at a high level only although my recommendation

level only although my recommendation would be to dive deeper into these

would be to dive deeper into these services by checking out the links in

services by checking out the links in the lesson text below and having some

the lesson text below and having some fun with these products getting to know

fun with these products getting to know these services will really help up your

these services will really help up your game when it comes to getting to know

game when it comes to getting to know these services a little bit more in

these services a little bit more in depth and will really help you gain more

depth and will really help you gain more momentum when it comes to building any

momentum when it comes to building any applications or applying them to any

applications or applying them to any currently running applications i

currently running applications i personally found it extremely valuable

personally found it extremely valuable and really cemented my knowledge when it

and really cemented my knowledge when it came to machine learning i also had a

came to machine learning i also had a ton of fun doing it and so that's all i

ton of fun doing it and so that's all i have for this lesson on machine learning

have for this lesson on machine learning so you can now mark this lesson as

so you can now mark this lesson as complete and let's move on to the next

complete and let's move on to the next one

one [Music]

[Music] welcome back and in this lesson we'll be

welcome back and in this lesson we'll be diving into a suite of tools used on the

diving into a suite of tools used on the google cloud platform that allow you to

google cloud platform that allow you to operate monitor and troubleshoot your

operate monitor and troubleshoot your environment known as operation suite and

environment known as operation suite and previously known as stackdriver this

previously known as stackdriver this lesson will be mostly conceptual and

lesson will be mostly conceptual and gear more towards what the suite of

gear more towards what the suite of tools do as it plays a big part not only

tools do as it plays a big part not only in the exam but for the needs of gaining

in the exam but for the needs of gaining insight from all the resources that

insight from all the resources that exist in your environment now there are

exist in your environment now there are a few tools to cover here so with that

a few tools to cover here so with that being said let's dive in

being said let's dive in now the operation suite is a suite of

now the operation suite is a suite of tools for logging monitoring and

tools for logging monitoring and application diagnostics

application diagnostics operation suite ingests this data and

operation suite ingests this data and generates insights using dashboards

generates insights using dashboards charts and alerts this suite of tools

charts and alerts this suite of tools are available for both gcp and aws you

are available for both gcp and aws you can connect to aws using an aws role and

can connect to aws using an aws role and a gcp service account you can also

a gcp service account you can also monitor vms with specific agents that

monitor vms with specific agents that again both run on gcp for compute engine

again both run on gcp for compute engine and aws ec2 operation suite also allows

and aws ec2 operation suite also allows the added functionality of monitoring

the added functionality of monitoring any applications that's running on those

any applications that's running on those vms operation suite is also available

vms operation suite is also available for any on-premises infrastructure or

for any on-premises infrastructure or hybrid cloud environments operation

hybrid cloud environments operation suite has a native integration within

suite has a native integration within gcp out of the box so there's no real

gcp out of the box so there's no real configurations that you need to do and

configurations that you need to do and integrates with almost all the resources

integrates with almost all the resources on google cloud such as the previously

on google cloud such as the previously mentioned compute engine gke app engine

mentioned compute engine gke app engine and bigquery and you can find and fix

and bigquery and you can find and fix issues faster due to the many different

issues faster due to the many different tools an operation suite can reduce

tools an operation suite can reduce downtime with real-time alerting you can

downtime with real-time alerting you can also find support from a growing partner

also find support from a growing partner ecosystem of technology integration

ecosystem of technology integration tools to expand your operations security

tools to expand your operations security and compliance capabilities now the

and compliance capabilities now the operation suite comprises of six

operation suite comprises of six available products that covers the gamut

available products that covers the gamut of all the available tools you will need

of all the available tools you will need that allows you to monitor troubleshoot

that allows you to monitor troubleshoot and improve application performance on

and improve application performance on your google cloud environment and i will

your google cloud environment and i will be going over these products in a bit of

be going over these products in a bit of detail starting with monitoring now

detail starting with monitoring now cloud monitoring collects measurements

cloud monitoring collects measurements or metrics to help you understand how

or metrics to help you understand how your applications and system services

your applications and system services are performing giving you the

are performing giving you the information about the source of the

information about the source of the measurements time stamped values and

measurements time stamped values and information of those values that can be

information of those values that can be broken down through time series data

broken down through time series data cloud monitoring can then take the data

cloud monitoring can then take the data provided and use pre-defined dashboards

provided and use pre-defined dashboards that require no setup or configuration

that require no setup or configuration effort cloud monitoring also gives you

effort cloud monitoring also gives you the flexibility to create custom

the flexibility to create custom dashboards that display the content you

dashboards that display the content you select you can use the widgets available

select you can use the widgets available or you can install a dashboard

or you can install a dashboard configuration that is stored in github

configuration that is stored in github now in order for you to start using

now in order for you to start using cloud monitoring you need to configure a

cloud monitoring you need to configure a workspace

workspace now workspaces organize monitoring

now workspaces organize monitoring information in cloud monitoring this is

information in cloud monitoring this is a single pane of glass where you can

a single pane of glass where you can view everything that you're monitoring

view everything that you're monitoring in your environment it is also best

in your environment it is also best practice to use a multi-project

practice to use a multi-project workspace so you can monitor multiple

workspace so you can monitor multiple projects from a single pane of glass now

projects from a single pane of glass now as i mentioned earlier cloud monitoring

as i mentioned earlier cloud monitoring has an agent and this gathers system and

has an agent and this gathers system and application metrics from your vm and

application metrics from your vm and sends them to cloud monitoring you can

sends them to cloud monitoring you can monitor your vms without the agent but

monitor your vms without the agent but you will only get specific metrics such

you will only get specific metrics such as cpu

as cpu disk traffic network traffic and uptime

disk traffic network traffic and uptime using the agent is optional but is

using the agent is optional but is recommended by google and with the agent

recommended by google and with the agent it allows you to monitor many

it allows you to monitor many third-party applications and just as a

third-party applications and just as a note cloud logging has an agent as well

note cloud logging has an agent as well and works well together with cloud

and works well together with cloud monitoring to create visualize and alert

monitoring to create visualize and alert on metrics based on log data but more on

on metrics based on log data but more on that a little bit later cloud monitoring

that a little bit later cloud monitoring is also available for gke and this will

is also available for gke and this will allow you to monitor your clusters as it

allow you to monitor your clusters as it manages the monitoring and logging

manages the monitoring and logging together and this will monitor clusters

together and this will monitor clusters infrastructure its workloads and

infrastructure its workloads and services as well as your nodes pods and

services as well as your nodes pods and containers so when it comes to alerting

containers so when it comes to alerting this is defined by policies and

this is defined by policies and conditions so an a learning policy

conditions so an a learning policy defines the conditions under which a

defines the conditions under which a service is considered unhealthy when

service is considered unhealthy when these conditions are met the policy is

these conditions are met the policy is triggered and it opens a new incident

triggered and it opens a new incident and sends off a notification a policy

and sends off a notification a policy belongs to an individual workspace and

belongs to an individual workspace and each workspace can contain up to 500

each workspace can contain up to 500 policies now conditions determine when

policies now conditions determine when an alerting policy is triggered so all

an alerting policy is triggered so all conditions watch for three separate

conditions watch for three separate things the first one is a metric the

things the first one is a metric the second one is a behavior in some way and

second one is a behavior in some way and the third one is for a period of time

the third one is for a period of time describing a condition includes a metric

describing a condition includes a metric to be measured and a test for

to be measured and a test for determining when the metric reaches a

determining when the metric reaches a state that you want to know about so

state that you want to know about so when an alert is triggered you could be

when an alert is triggered you could be notified using notification channels

notified using notification channels such as email

such as email sms

sms as well as third party tools such as

as well as third party tools such as pagerduty and slack now moving on to

pagerduty and slack now moving on to cloud logging cloud logging is a central

cloud logging cloud logging is a central repository for log data from multiple

repository for log data from multiple sources and as described earlier logging

sources and as described earlier logging can come not just from google but with

can come not just from google but with aws as well as on-premises environments

aws as well as on-premises environments cloud logging handles real-time log

cloud logging handles real-time log management and analysis and has tight

management and analysis and has tight integration with cloud monitoring it

integration with cloud monitoring it collects platform system and application

collects platform system and application logs and you also have the option of

logs and you also have the option of exporting logs to other sources such as

exporting logs to other sources such as long-term storage like cloud storage or

long-term storage like cloud storage or for analysis like bigquery you can also

for analysis like bigquery you can also export to third-party tools as well now

export to third-party tools as well now diving into the concepts of cloud

diving into the concepts of cloud logging these are associated primarily

logging these are associated primarily with gcp projects so logs viewer only

with gcp projects so logs viewer only shows logs from one specific project now

shows logs from one specific project now when it comes to log entries log entry

when it comes to log entries log entry records a status or an event a project

records a status or an event a project receives log entries when services being

receives log entries when services being used produce log entries and to get down

used produce log entries and to get down to the basics

to the basics logs are a named collection of log

logs are a named collection of log entries within a google cloud resource

entries within a google cloud resource and just as a note each log entry

and just as a note each log entry includes the name of its log logs only

includes the name of its log logs only exist if they have log entries and the

exist if they have log entries and the retention period is the length of time

retention period is the length of time for which your logs are kept so digging

for which your logs are kept so digging into the types of logs that cloud

into the types of logs that cloud logging handles there are three

logging handles there are three different types of logs there are audit

different types of logs there are audit logs transparency logs and agent logs

logs transparency logs and agent logs now with audit logs these are logs that

now with audit logs these are logs that define who did what where and when they

define who did what where and when they also show admin activity and data access

also show admin activity and data access as well as system events continuing on

as well as system events continuing on to access transparency logs these are

to access transparency logs these are logs for actions taken by google so when

logs for actions taken by google so when google staff is accessing your data due

google staff is accessing your data due to a support ticket the actions that are

to a support ticket the actions that are taken by the google staff are logged

taken by the google staff are logged within cloud logging now when it comes

within cloud logging now when it comes to agent logs these are the logs that

to agent logs these are the logs that come from agents that are installed on

come from agents that are installed on vms

vms the logging agent sends system and

the logging agent sends system and third-party logs on the vm instance to

third-party logs on the vm instance to cloud logging moving on to error

cloud logging moving on to error reporting this looks at real-time error

reporting this looks at real-time error monitoring and alerting it counts

monitoring and alerting it counts analyzes and aggregates the errors that

analyzes and aggregates the errors that happen in your gcp environment and then

happen in your gcp environment and then alerts you when a new application error

alerts you when a new application error occurs details of the error can be sent

occurs details of the error can be sent through the api and notifications are

through the api and notifications are still in beta error reporting is

still in beta error reporting is integrated into cloud functions and

integrated into cloud functions and google app engine standard which is

google app engine standard which is enabled automatically error reporting is

enabled automatically error reporting is in beta for compute engine kubernetes

in beta for compute engine kubernetes engine and app engine flexible as well

engine and app engine flexible as well as aws ec2 air reporting can be

as aws ec2 air reporting can be installed in a variety of languages such

installed in a variety of languages such as go java.net

as go java.net node.js python php and ruby now moving

node.js python php and ruby now moving into debugger this tool debugs a running

into debugger this tool debugs a running application without slowing it down it

application without slowing it down it captures and inspects the call stack and

captures and inspects the call stack and local variables in your application this

local variables in your application this tool debugs a running application

tool debugs a running application without slowing it down it captures and

without slowing it down it captures and inspects the call stack and local

inspects the call stack and local variables in your application this is

variables in your application this is also known as taking a snapshot once the

also known as taking a snapshot once the snapshot has been taken

snapshot has been taken a log point can be injected to allow you

a log point can be injected to allow you to start debugging debugger can be used

to start debugging debugger can be used with or without access to your

with or without access to your application source code and if your repo

application source code and if your repo is not local it can be hooked into a

is not local it can be hooked into a remote git repo such as github git lab

remote git repo such as github git lab or bitbucket debugger is integrated with

or bitbucket debugger is integrated with google app engine automatically and can

google app engine automatically and can be installed on google compute engine

be installed on google compute engine gke

gke and google app engine debugger is

and google app engine debugger is integrated with google app engine

integrated with google app engine automatically and can be installed on

automatically and can be installed on gke debugger is integrated with google

gke debugger is integrated with google app engine automatically and can be

app engine automatically and can be installed on google compute engine

installed on google compute engine google kubernetes engine google app

google kubernetes engine google app engine and cloud run and just as a note

engine and cloud run and just as a note installation on these products is all

installation on these products is all dependent on the library and again

dependent on the library and again debugger can be installed like trace on

debugger can be installed like trace on non-gcp environments and is available to

non-gcp environments and is available to be installed using a variety of

be installed using a variety of different languages next up is trace and

different languages next up is trace and trace helps you understand how long it

trace helps you understand how long it takes your application to handle

takes your application to handle incoming requests from users and

incoming requests from users and applications trace collects latency data

applications trace collects latency data from app engine https load balancers and

from app engine https load balancers and applications using the trace api this is

applications using the trace api this is also integrated with google app engine

also integrated with google app engine standard and is applied automatically so

standard and is applied automatically so you would use trace for something like a

you would use trace for something like a website that is taking forever to load

website that is taking forever to load to troubleshoot that specific issue

to troubleshoot that specific issue trace can be installed on google compute

trace can be installed on google compute engine google kubernetes engine and

engine google kubernetes engine and google app engine as well it can also be

google app engine as well it can also be installed on non-gcp environments and it

installed on non-gcp environments and it can be installed using a variety of

can be installed using a variety of different languages as shown here and

different languages as shown here and coming up on the last tool of the bunch

coming up on the last tool of the bunch is profiler now profiler gathers cpu

is profiler now profiler gathers cpu usage and memory allocation information

usage and memory allocation information from your applications continuously and

from your applications continuously and this helps you discover patterns of

this helps you discover patterns of resource consumption to help you better

resource consumption to help you better troubleshoot profiler is low profile and

troubleshoot profiler is low profile and therefore won't take up a lot of memory

therefore won't take up a lot of memory or cpu on your system as well in order

or cpu on your system as well in order to use profiler an agent needs to be

to use profiler an agent needs to be installed profiler can be installed on

installed profiler can be installed on compute engine kubernetes engine and app

compute engine kubernetes engine and app engine as well and of course it can be

engine as well and of course it can be installed on non-gcp environments and

installed on non-gcp environments and profiler can be installed using the

profiler can be installed using the following languages just go

following languages just go java node.js and python and so just as a

java node.js and python and so just as a note for the exam only a high level

note for the exam only a high level overview of these tools are needed and

overview of these tools are needed and so this concludes this lesson on a high

so this concludes this lesson on a high level overview of operation suite so you

level overview of operation suite so you can now mark this lesson as complete and

can now mark this lesson as complete and let's move on to the next one

Click on any text or timestamp to jump to that moment in the video

Most transcripts ready in under 5 seconds

One-Click Copy125+ LanguagesSearch ContentJump to Timestamps

Paste YouTube URL

Enter any YouTube video link to get the full transcript

Most transcripts ready in under 5 seconds

Get Our Chrome Extension

Get transcripts instantly without leaving YouTube. Install our Chrome extension for one-click access to any video's transcript directly on the watch page.

Add to Chrome — Free

Works with YouTube, Coursera, Udemy and more educational platforms

Get Instant Transcripts: Just Edit the Domain in Your Address Bar!

YouTube

←

→

↻

https://www.youtube.com/watch?v=UF8uR6Z6KLc

YoutubeToText

←

→

↻

https://youtubetotext.net/watch?v=UF8uR6Z6KLc

YouTube TranscriptPreparing your results…

YouTube Transcript:Google Cloud Associate Cloud Engineer Course - Pass the Exam!

AutoDub

Video Transcript

Summary Requirements

Paste YouTube URL

Transcript Extraction Form

Get Our Chrome Extension

Get Instant Transcripts: Just Edit the Domain in Your Address Bar!

YouTube Transcript:
Google Cloud Associate Cloud Engineer Course - Pass the Exam!