Compute Engine Flashcards

1
Q

What is Compute Engine?

A
  • high-performance, scalable VMs, available in preconfigured or custom machine types
  • flexible pricing and automatic sustained use discounts
  • runs over Google’s private global fiber network
  • fast and efficient networking
  • up to 64 TB persistent disk with local SSD option
  • transparent maintenance
  • global load balancing
  • Preemptible VMs for batch processing

Compute Engine instances can run the public images for Linux and Windows Server that Google provides as well as any private images that you create or import to Compute Engine. You can also build and run images of other operating systems. You can choose the machine properties of your instances, such as the number of virtual CPUs and the amount of memory, by using a set of predefined machine types or by creating your own custom machine types.
2
Q

What are the tools to manage Compute Engine instances?

A
  • Google Cloud Platform Console
  • gcloud command-line tool
  • REST API
  • SSH for Linux, RDP for Windows for advanced configuration
3
Q

What are the different machine types available on Compute Engine?

A
  • Predefined machine types: standard, high-memory, high-cpu, shared core, mega-memory
  • Custom machine types: specify CPU/RAM
  • GPUs can be attached
4
Q

To what instances can you NOT attach a GPU?

A
  • shared core machine types (micro & small)
  • preemptible instances
5
Q

When should Compute Engine be used for running containers?

A

When you need complete control over your container environment and your container orchestration tools.

6
Q

When should Kubernetes Engine be used for running containers?

A

To simplify cluster management and container orchestration tasks so that you do not need to manage the underlying virtual machine instances.

7
Q

How would you create a high-performance SQL Server instance?

A
  • Compute Engine high-memory instance
  • Preconfigured SQL Server image
  • SSD persistent disk storage: for high-performance storage of database files
  • Local SSD disk: for high-performance tempdb and Windows paging file, staging data or backups
  • Set power-profile to ‘High-Performance’ instead of ‘Balanced’
  • Send log and db/data files to SSD persistent disk storage
  • Grant ‘Lock pages in memory’ to MSSQLSERVER to prevent pagefile swapping from physical to virtual memory
  • Grant ‘perform volume maintenance tasks’ to MSSQLSERVER to set up support for ‘instant file initialization’ (allocating disk space for an application)
  • Split TempDB to at least 4 files
  • Set ‘max degree of parallelism’ and ‘max server memory’
8
Q

What are some best practices for a SQL Server instance?

A
  • Use the Windows Server Advanced Firewall, specifying the client IP addresses of your client computers
  • Use the OS default network settings
  • Follow/Use Microsoft guidance for anti-virus software
  • Use a separate SSD persistent disk for log and data files
  • Use local SSD to improve IOPS: tempdb and pagefile
  • Monitor and maintain the growth of transaction logs; schedule backups
  • Optimize virtual log files
  • Perform regular index defragmentation
  • Perform regular backups
  • Use Stackdriver monitoring
  • Validate your setup

For Enterprise Edition:

  • Use the ‘buffer pool’ extension, to speed data access from a cached data mirror
  • Use compressed tables
9
Q

What are ‘SQL Server Availability Groups’?

A
  • Multiple SQL Server Enterprise instances can be configured to use Windows Server Failover and SQL Server AlwaysOn Availability Groups, to support high availability and disaster recovery

Requires:

1) Setting up a custom VPC network with subnets and firewall rules allowing traffic to internal interface addresses, and allowing RDP on port 3389
2) Creating a Windows domain controller with AD
3) Creating SQL Server cluster instances for the Availability Group
4) Configuring the Failover Cluster Manager
5) Creating the Availability Group in SQL Server Management Studio

10
Q

Talk about ‘Instances and networks’ on Compute Engine.

A
  • Each instance belongs to a Google Cloud Platform Console project, and a project can have one or more instances. When you create an instance in a project, you specify the zone, operating system, and machine type of that instance. When you delete an instance, it is removed from the project.
  • A project can have up to five VPC networks, and each Compute Engine instance belongs to one VPC network. Instances in the same network communicate with each other through a local area network protocol. An instance uses the Internet to communicate with any machine, virtual or physical, outside of its own network.
11
Q

What storage options are available for Compute Engine instances?

A
  • By default, each Compute Engine instance has a single root persistent disk that contains the operating system.

12
Q

What is and how do you use load-balancing and autoscaling on Compute Engine?

A
  1. GCP load-balancing uses forwarding rules to match traffic and forward it to a load-balancer
  2. GCP load-balancing is a managed service, redundant and highly available
  3. Compute Engine offers auto-scaling to add and remove VMs from an Instance Group based on load and policy configuration
    • Policies: CPU Utilization, LB capacity, Stackdriver monitors
13
Q

When is Connection Draining triggered for a Compute instance?

A
  • When it is removed from an instance group
14
Q

What are the 5 different Compute Engine roles?

A
  • Compute Engine Admin: Full control of Compute Engine resources
  • Compute Engine Network Admin: Full control of all Compute Engine networking resources
  • Compute Engine Security Admin: Full control of all Compute Engine security resources
  • Compute Engine Viewer: Read-only access to get and list information about all Compute Engine resources, including instances, disks, and firewalls. Allows getting and listing information about disks, images, and snapshots, but does not allow reading the data stored on them.
  • Compute Service Agent: Gives Compute Engine Service Account access to assert service account authority. Includes access to service accounts.

15
Q

What is auto healing?

A

To ensure that an application runs properly and remains available, a cloud engineer should configure an autohealing policy for a managed instance group.

Autohealing ensures the system is always operational by relying on health check signals sent to an application.

16
Q

What is autoscaling?

A

Autoscaling is appropriate when there is a need to add or remove instances from a MIG. Load capacity determines the use of autoscaling.

17
Q

What is auto updating?

A

MIGs allow for the automatic updating of instances. Based on self-determined configurations, it is possible to deploy a new version of software to one or more instances in a MIG.

18
Q

What are instance templates?

A

An instance template is a resource you can use to create virtual machines or managed instance groups (MIGs) repeatably. An instance template requires an administrator to identify the machine type, boot disk image or container image, labels, and relevant VM properties just one time.

19
Q

What are snapshots for?

A

Taking a snapshot of the Compute Engine persistent disk has several purposes. The first purpose is to quickly back up a disk to mitigate any potential lost data.

20
Q

What discounts are available for Compute Engine?

A
  • Committed Use - When you purchase a committed use contract, you purchase Compute Engine resources (such as vCPUs, memory, GPUs, local SSDs, and sole-tenant nodes) at a discounted price in return for committing to pay for those resources for 1 year or 3 years. The discount is up to 57% for most resources like machine types or GPUs.
  • Sustained Use - Compute Engine offers sustained use discounts on resources that are used for more than 25% of a billing month and are not receiving any other discounts.
  • Preemptible Use - Preemptible VM instances are available at a much lower price (a 60-91% discount) compared to the price of standard VMs. However, Compute Engine might stop (preempt) these instances if it needs to reclaim the compute capacity for allocation to other VMs. Instances run for a maximum of 24 hours, but can be taken away.
21
Q

When you enable CPU overcommit on sole-tenant nodes what is the effect?

A

Enabling CPU overcommit on sole-tenant nodes allows you to share spare CPU cycles across instances. This is especially useful when a workload typically under-utilizes CPU and can tolerate some performance fluctuations. When you overcommit CPU resources, you specify the minimum number of CPUs that are allocated to a VM.

22
Q

Shielded VMs are instances with enhanced security controls, including what?

A

Secure boot
vTPM
Integrity monitoring

  • Secure boot runs only software that is verified by digital signatures of all boot components using UEFI firmware features. If some software cannot be authenticated, the boot process fails. Software is authenticated by verifying the digital signatures of boot components against a secure store of approved keys.
  • Virtual Trusted Platform Module (vTPM) is a virtual module for storing keys and other secrets. vTPM enables Measured Boot, which takes measurements to create a known good boot baseline, which is known as the integrity policy baseline. That baseline is used for comparisons with subsequent boots to detect any differences.
  • Integrity monitoring compares the boot measurements with a trusted baseline and returns true if the results match and false otherwise. Logs are created for several types of events, including clearing the secrets store, early boot sequence integrity checks, late boot sequence integrity checks, updates to the baseline policy, and enabling/disabling Shielded VM options.
23
Q

MIGs provide several advantages, including:

A
  • Maintaining a minimal number of instances in the MIG. If an instance fails, it is automatically replaced.
  • Autohealing using application health checks. If the application is not responding as expected, the instance is restarted.
  • Distribution of instances across a zone. This provides resiliency in case of zonal failures.
  • Load balancing across instances in the group.
  • Autoscaling to add or remove instances based on workload.
  • Auto-updates, including rolling updates and canary updates.
  • Rolling updates will update a minimal number of instances at a time until all instances are updated.
  • Canary updates allow you to run two versions of instance templates to test the newer version before deploying it across the group.
24
Q

What are the two modes of operation in Kubernetes Engine?

A

There are two modes of operation in Kubernetes Engine: standard and autopilot. In standard mode you have the most flexibility and control over the configuration of the cluster, including the infrastructure. This is a good option when you would like control over whether you use zonal or regional clusters, use routes-based networking, and select the version of Kubernetes you run. When running in standard mode, you pay per node provisioned.

In standard mode, you can choose between zonal and regional clusters. Zonal clusters have a single control plane in a single zone. A single-zone cluster has nodes running in the same zone as the control plane. A multizonal cluster has a single control plane running in a zone but has nodes running in multiple zones. This has the advantage that workloads can run in a zone if there is an outage in the other zones. A regional cluster has multiple replicas of the control plane running in multiple zones of a single region. Node pools are replicated across three zones in regional clusters by default, but you can change that configuration during cluster setup.

In autopilot mode, GKE provides a preconfigured, provisioned, and managed cluster. Autopilot mode clusters are always regional and use VPC-native network routing. With autopilot mode you will not have to manage compute capacity or manage the health of pods. Nodes and node pools are managed by GKE. When using autopilot, you pay only for CPU, memory, and storage that pods use while running.

GKE also provides the option of creating private clusters, in which nodes have only internal IP addresses. This isolates nodes in the cluster from the internet by default.

25
Q

What is Vertex AI? Vertex AI is the combination of which two prior Google Cloud services?

A

Vertex AI is the combination of two prior Google Cloud services, AutoML and AI Platform. Vertex AI provides a single API and user interface. Vertex AI supports both custom training of machine learning models and automated training of models using AutoML. Vertex AI includes several components, such as the following:

  • Training using both AutoML automated training and AI custom training
  • Support for ML model deployment
  • Data labeling, which allows you to request human assistance in labeling training examples for supervised learning tasks
  • Feature store, which is a repository for managing and sharing ML features
  • Workbench, which is a Jupyter notebook-based development environment

26
Q

Cloud Pub/Sub is a good option for buffering data between services. It supports both push and pull subscriptions.

A

With a push subscription, message data is sent by HTTP POST request to a push endpoint URL. The push model is useful when a single endpoint processes messages from multiple topics. It’s also a good option when the data will be processed by an App Engine Standard application or a Cloud Function. Both of those services bill only when in use, and pushing a message avoids the need to check the queue continually for messages to pull.

With a pull subscription, a service reads messages from the topic. This is a good approach when processing large volumes of data and efficiency is a top concern.

27
Q

What is Cloud Dataproc?

A

Cloud Dataproc is a managed Spark and Hadoop service that is widely used for large-scale batch processing and machine learning.

Spark also supports stream processing.

Cloud Dataproc creates clusters quickly so they are often used ephemerally.

Cloud Dataproc clusters use Compute Engine virtual machines and can use preemptible instances as worker nodes.

It also supports Workflow Templates, which implement workflows as directed acyclic graphs.

Cloud Dataproc has built-in integration with BigQuery, Bigtable, Cloud Storage, Cloud Logging, and Cloud Monitoring.

28
Q

Synchronous and Asynchronous Operations?

A

In some cases, the workflow is simple enough that a synchronous call to another service is sufficient.

Synchronous calls are calls to another service or function that wait for the operation to complete before returning; asynchronous calls do not wait for an operation to complete before returning.

Authorizing a credit card for a purchase is often a synchronous operation. The process is usually completed in seconds, and there are business reasons not to proceed with other steps in the workflow until payment is authorized.

29
Q

Understand when to use different compute services.

A

GCP compute services include Compute Engine, App Engine, Cloud Run, Kubernetes Engine, Anthos, and Cloud Functions. Compute Engine is an IaaS offering. You have the greatest control over instances, but you also have the most management responsibility.

App Engine is a PaaS that comes in two forms. App Engine Standard uses language-specific sandboxes to execute your applications. App Engine Flexible lets you deploy containers, which you can create using Docker.

Cloud Run is another alternative for deploying stateless containers using a managed service.

Kubernetes Engine is a managed Kubernetes service. It is well suited for applications built on microservices, but it also runs other containerized applications. Anthos is used to manage Kubernetes clusters deployed across multiple clouds and on-premises.

Cloud Functions is a service that allows you to execute code in response to an event on GCP, such as a file being uploaded to Cloud Storage or a message being written to a Cloud Pub/Sub topic.

30
Q

Know the difference between App Engine Standard and App Engine Flexible.

A

App Engine Standard employs language-specific runtimes, while App Engine Flexible uses containers that can be used to customize the runtime environment.

31
Q

What choices do you make when picking a persistent disk?

A

First, you have to choose a zonal or regional disk type. As the name suggests, zonal persistent disks are available in a single zone, while regional disks offer durable storage and redundancy of data between two zones in the same region.

Standard persistent disks are just like using standard hard disk drives (HDD).

Balanced persistent disks are just like using solid-state drives (SSD) but with balanced performance and cost.

SSD persistent disks are just like using solid-state drives (SSD).

Now for the backup solution. Consider an example: if you have ever used a portable HDD or SSD, you may know that a disk can be dropped accidentally or can suddenly stop working for any number of reasons. To avoid losing data in such cases, we should always have a backup ready.

32
Q

What choices do you make with Snapshots?

A

In Google Cloud, there are two ways to keep data safe and enable point-in-time recovery. One common way to create a Google Cloud backup is to create a snapshot manually, but that is not sufficient to protect the data: we cannot be sure that all the data is protected if, say, the manual snapshot is too old. Instead, we can create snapshots automatically on a schedule, with a frequency you choose depending on how often you update the data. You can also choose how long to retain each snapshot using the snapshot retention policy. Snapshots allow you to create a point-in-time backup of a persistent disk and save it to Google Cloud Storage.

A snapshot is an incremental copy of your data: the first snapshot contains all the data, and after that snapshots only save the data blocks that changed since the last snapshot. You can refer to the diagram below, which makes this clear.

You can choose between the given location options when saving a snapshot:

Multi-regional location: Saving a snapshot in a multi-regional location means the snapshot will be replicated across multiple regions.

Regional location: Saving a snapshot to a regional location means the snapshot will be stored in one region only and allows you to choose the specific region it will be stored in.