Date created: February 10, 2019
Last updated: March 13, 2019
Update: March 13, 2019. I passed this certification.
Update: February 21, 2019. Bad news. My work schedule has been so long each day that I have not been able to study at all during the evenings. That is the reason that this article has not been updated. I will be taking the exam tomorrow with no preparation. I will have to trust my knowledge of and experience with Google Cloud Platform. I cannot change the date as this is the last day that the exam is available. This is just the reality that sometimes you are required to put your job and your customers first. I will post an update after taking the exam.
On January 24, 2019, Google announced two new professional level certifications. The security certification beta starting February 8, 2019, and ending February 28, 2019. For the networking certification beta, February 2 to February 23, 2019. Those are the dates that are available in my area (Seattle).
I have decided to take the network certification beta also. I signed up with Kryterion to take the exam on February 22, 2019. The exam is four hours long and should be very challenging. This blog will track my progress as I prepare to take this certification and the results. I am also taking the Professional Cloud Security Engineer exam tomorrow. Then I only have ten days to prepare after tomorrow’s exam, so this should be interesting given that I do not have another Google Cloud certification. I do have both AWS specialty certifications for security and networking. My other certifications are listed here. Read my article on preparing for the Professional Cloud Security Engineer here.
I have worked with Google Cloud off and on again for about eight years. However, starting in 2018 I started to work with Google Cloud a lot. Google’s services and market really started to take off last year. I think the reason is due to their excellent big data platforms. I feel that I have a good chance of passing the network certification exam.
Special Mention: Google Qwiklabs
As part of my goal to really dig deep into Google Cloud Platform, I used Google Qwiklabs almost every day for four months. I continue to use Qwiklabs often. During the past four months, I completed 20 Quests and over 215 labs. The ability to follow predesigned labs for practice is very useful when combined with consistent everyday study sessions. Qwiklabs has a great value and protects you from unplanned expenses when you forget and leave resources running in the cloud. Just like cooking in the kitchen, following a recipe gives you a foundation to the build upon and create your own recipes.
Link to my profile on Google Qwiklabs.
Google Cloud Developer’s Cheat Sheet
Networking section from Greg’s poster:
February 12, 2019 – Day #1 – Preparation Start:
- A thorough review of the certification exam guide. I printed this document and then checked off every area that I was not at an advanced level with. I then narrowed down this list to 10 areas to focus on, one per day.
- From CCIE to Google Cloud Network Engineer: four things to think about
- CCIE is a very well-respected certification that really means you are an expert. So much so that I would call “CCIE” a title. This article is from a CCIE about his transition to the cloud. Very good article.
- Google is offering a webinar Networking in Google Cloud Platform: Getting Started and Getting Certified on February 22, 9:45 AM to 10:30 AM PST.
- A Cloud Guru offers the course Certified Advanced Networking – Specialty. This course is designed for AWS, but a major part of the course is just networking that is cloud agnostic. This was one of the materials that I used for the AWS certification. You should know in detail 75% of this course for GCP. This is my favorite course for cloud networking and I highly recommend that you study a large part of this course. I will repeat large sections of this course as I prepare for Google’s network exam.
- Watch Chapter 2 – Networking Refresher
- Watch Chapter 4 – Design & Implement Hybrid Networks at Scale
- My article: Google Cloud Private DNS Zones. Understanding DNS is very important for Google Cloud.
- Over the past few months, I have taken a number of courses by “Loonycorn” authors: Janani Ravi and Vitthal Srinivasan. They are specializing in Google Cloud Platform and Google Big Data. Their courses are very good. Last month they released a number of new Google courses on Pluralsight. Click each author’s name above to see the course list. I will be including these courses in my studies: Leveraging Advanced Networking and Load Balancing Services on the GCP and Designing Scalable Data Architectures on the Google Cloud.
- I highly recommend Pluralsight for training courses. Their courses are very consistent with a high level of quality. So much so that I always have a paid subscription. Most months I pick a random course from Pluralsight just to learn something new or to refresh something old.
Total time spent today: about 3 hours.
February 13, 2019 – Day #2 – Data Center to GCP
- Enter the Andromeda zone – Google Cloud Platform’s latest networking stack
- Andromeda 2.1 reduces GCP’s intra-zone latency by 40%
- Introducing QUIC support for HTTPS load balancing
- Espresso makes Google cloud faster, more available and cost effective by extending SDN to the public internet
- Private Access Options for Services
- Hybrid Connectivity – Reliably Extending Your Enterprise Network to GCP (Cloud Next ’18)
- Very good video. This is a video you will want to watch twice. The second time thru make lots of notes and do deep dives on each section.
Interesting new term: ALTS
Google’s Application Layer Transport Security (ALTS) is a mutual authentication and transport encryption system developed by Google and typically used for securing Remote Procedure Call (RPC) communications within Google’s infrastructure. ALTS is similar in concept to mutually authenticated TLS but has been designed and optimized to meet the needs of Google’s data center environments.
Interesting new product / technology: BoringSSL
BoringSSL is a fork of OpenSSL that is designed to meet Google’s needs. Currently, BoringSSL is the SSL library in Chrome/Chromium, Android (but it’s not part of the NDK) and a number of other apps/programs.
- Google Andromeda
- Google Cloud customers now enjoy significantly improved intra-zone network latency with the release of Andromeda 2.1, a software-defined network (SDN) stack that underpins all of Google Cloud Platform (GCP). The latest version of Andromeda reduces network latency between Compute Engine VMs by 40% over Andromeda 2.0 and by nearly a factor of 8 since we first launched Andromeda in 2014.
- Legacy Networks
- Network performance is related to VM core count.
- Private Google Access enables VM instances with only internal (private) IP addresses (no external IP addresses) to reach the public IP addresses of Google APIs and services. You enable Private Google Access at the subnet level. When enabled, instances in the subnet that only have private IP addresses can send traffic to Google APIs and services through the default route (0.0.0.0/0) with a next hop to the default Internet gateway.
- A VPC Service Controls service perimeter controls access to Google APIs and services. To enable Private Google Access within a service perimeter, your VM instances must send requests to restricted.googleapis.com instead of *.googleapis.com. Enabling this feature provides access to supported Google APIs and services.
- Jupiter Data-center Fabric
- 40G data center fabric
- SDN centralized software control stack
- 1 Petabit/sec total bi-sectional bandwidth.
- B4 Backbone
- Datacenter to Datacenter
- SDN platform
- High throughput (multiple terabits)
- B2 Backbone
- Google to the Internet
- Protected network with high SLA
- Traffic is carried as far as possible on Google (cold potato)
- SDN to Peering Edge
- Faster, Low-latency access to Google Services – best availability & user experience
- Dynamically choose from where to serve customers based on end-to-end requirements.
- Access Transparency
- Trust is paramount when choosing a cloud provider. We want to be as open and transparent as possible, allowing customers to see what happens to their data. Now, with Access Transparency, we’ll provide you with an audit log of authorized administrative accesses by Google Support and Engineering, as well as justifications for those accesses, for many GCP services, and we’ll be adding more throughout the year. With Access Transparency, we can continue to maintain high performance and reliability for your environment while remaining accountable to the trust you place in our service.
Total time spent today: about 4 hours.
To be continued each day as I prepare for the Google Professional Network Engineer Certification beta exam.
I design software for enterprise-class systems and data centers. My background is 30+ years in storage (SCSI, FC, iSCSI, disk arrays, imaging) virtualization. 20+ years in identity, security, and forensics.
For the past 14+ years, I have been working in the cloud (AWS, Azure, Google, Alibaba, IBM, Oracle) designing hybrid and multi-cloud software solutions. I am an MVP/GDE with several.