Google Cloud Platform (GCP) lets organizations take advantage of the powerful network and technologies that Google uses to deliver its own products. Global companies like Coca-Cola and cutting-edge technology stars like Spotify are already running sophisticated applications on GCP. This course will help you design an enterprise-class Google Cloud infrastructure for your own organization.
When you architect an infrastructure for mission-critical applications, not only do you need to choose the appropriate compute, storage, and networking components, but you also need to design for security, high availability, regulatory compliance, and disaster recovery. This course uses a case study to demonstrate how to apply these design principles to meet real-world requirements.
Learning Objectives
- Map compute, storage, and networking requirements to Google Cloud Platform services
- Create designs for high availability and disaster recovery
- Use appropriate authentication, roles, service accounts, and data protection
- Create a design to comply with regulatory requirements
Intended Audience
This course is intended for anyone looking to design and build an enterprise-class Google Cloud Platform infrastructure for their own organization.
Prerequisites
To get the most out of this course, you should have some basic knowledge of Google Cloud Platform.
The first step in giving secure access to your Google Cloud infrastructure is to decide how to authenticate your users. By default, Google Cloud Platform requires users to have a Google account to access it, but if you have more than a handful of users, then you’ll want to find a centralized way to manage your user accounts. The solution is to use either Google Workspace or Cloud Identity. If you already have a Google Workspace account for products like Google Docs, then you can use it to manage your GCP identities too. If you don’t have Google Workspace, then you can use Cloud Identity, which is built on the same platform as Google Workspace.
Most organizations already have a user directory, so the best policy is usually to manage users in your existing directory and then synchronize the account information in Google Workspace or Cloud Identity. There are 3 ways to do this: Google Cloud Directory Sync (or GCDS), the Google Apps Admin SDK, or a third-party connector.
Google Cloud Directory Sync is the easiest solution if you have either Active Directory or an LDAP server. It synchronizes users, groups, and other data from your existing directory to your Google Cloud domain directory. GCDS runs inside your network on a machine that you control.
It’s a one-way synchronization, so GCDS doesn’t modify your existing directory. Of course, the synchronization can’t be a one-time event. It has to happen on a regular basis to keep your Google directory up-to-date.
To make authentication even easier for your users, you can implement single sign-on (or SSO). Google Cloud Platform supports SAML 2.0-based SSO. If your system doesn't support SAML 2.0, then you can use a third-party plug-in.
Once you’ve implemented SSO, then when a user would normally have to log in, Google will redirect to your authentication system. If the user is already authenticated in your system, then they don’t have to log in to Google Cloud separately. If they aren’t already logged in, then they’re prompted to log in.
In order for this to work, your users must have a matching account in Google's directory, so you still need to use GCDS or one of the other synchronization options.
In our case study, since we have an Active Directory server, we will use GCDS for synchronization and also implement single sign-on. And that’s it for authentication.
Guy launched his first training website in 1995 and he's been helping people learn IT technologies ever since. He has been a sysadmin, instructor, sales engineer, IT manager, and entrepreneur. In his most recent venture, he founded and led a cloud-based training infrastructure company that provided virtual labs for some of the largest software vendors in the world. Guy’s passion is making complex technology easy to understand. His activities outside of work have included riding an elephant and skydiving (although not at the same time).