Architecture Framework Flashcards
What are the areas of a well-architected framework?
PROS: Performance and cost optimization; Reliability; Operational excellence; Security and compliance
What design areas and GCP tools are covered within “performance and cost optimization”?
Evaluate performance requirements, use scalable design patterns, identify and implement cost-saving approaches.
Performance requirements - Cloud Trace, Cloud Debugger, Cloud Profiler
Scalability - GCE, GKE, Dataproc, Dataflow, App Engine, Cloud Functions, Cloud Run
Analyze/optimize costs - export billing to BigQuery, visualize billing data using BI tool, select appropriate GCE instance (i.e. Preemptible VM), use Google Cloud Pricing Calculator
What design areas and GCP tools are covered within “security and compliance”?
Identity and auth controls (principle of least privilege), build a layered security approach (at every level of application and infra), use automated monitoring/auditing
Authentication & authorization - IAM, BeyondCorp Enterprise (zero-trust solution), Cloud Asset Inventory, Cloud Audit Logs
Compute - Shielded VMs, Workload Identity, GKE Sandbox
Network - VPC Service Controls, Traffic Director, Security Command Center, Event Threat Detection, Istio
What design areas and GCP tools are covered within “reliability”?
Defined and measurable reliability objectives; app designed for scalability, HA, automated change mgmt; self-healing with observability; use automated deployment; build efficient alerting, build collaborative incident mgmt process
What design areas and GCP tools are covered within “security and compliance”?
Contractual protections and third-party attestations (i.e. ISO); manage IAM (i.e. principle of least privilege), build a layered security approach (compute, network, and data security), use automation where possible, audit your infra
Authentication & authorization - IAM, BeyondCorp Enterprise (zero-trust solution), Cloud Asset Inventory, Cloud Audit Logs
Compute - Shielded VMs, Workload Identity, GKE Sandbox
Network - VPC Service Controls, Traffic Director, Security Command Center, Event Threat Detection, Istio, Packet Mirroring
Data security - Cloud KMS, Cloud DLP
Automation - Container Registry, Binary Authorization, Container Analysis, Security Command Center
Audit - Cloud Audit Logs, Cloud Logging, Access Transparency
What are ways GC maintains compliance?
Maintaining ISO 27001, 27017, and 27018 certifications and updating SOC 2 and SOC 3 reports every year; access controls, auditing, and an approval process for customer environments
What are ways GC provides controls around authentication and authorization?
Admins can use IAM policies, which provide granular control to the resource level. I always recommend following security best practices and following the principle of least privilege.
What does it mean for a workload to be reliable? What’s an example where you’ve applied this concept at work?
The workload performs consistently and correctly when it’s expected to. It’s also resilient - it quickly recovers from failures to meet business and customer needs.
What are key concepts within the operational excellence pillar?
Operational excellence focuses on how your organization supports overall business objectives. It looks at how to effectively run and monitor your workloads and continuously improve processes and procedures.
IMOW… the business requirements, “DevOps and observability” pillar, service-level KPIs, event mgmt, incident response, continuous feedback, resource readiness (training), Splunk On Call, Phantom
What design principles are covered within the operational excellence pillar?
Perform operations as code; make frequent, small, reversible changes; regularly refine operations procedures; anticipate failure; learn from all operational failures - "what are the lessons learned?"
What are key questions to ask around operational excellence?
Who are your key external customers (key stakeholders)?
Who are your main internal customers?
If you had to prioritize your business objectives, and I know they’re all important, in what order do you think we should focus our efforts?
What activities do you think would have the greatest impact on meeting your business objectives (i.e. improving workload performance, reducing costs, automating runbooks, enhancing monitoring)?
What governance and regulatory requirements does your organization need to operate under, both internal and external?
What key risks/threats do you see to your business? Either existing or down the road?
What are some tradeoffs around database design?
Migration timeline goal vs using a database that’s right for your data (relational vs non-relational)