WA3213
GCP Networking and Security Training
This Google Cloud training course teaches attendees how to secure a Google Cloud Platform (GCP) environment. This course explores core concepts like resource hierarchy, VPC networking, and Compute Engine security. This class then tackles advanced topics like Cloud NAT, Private Google Access, and Cloud Interconnect, all designed to safeguard valuable data and applications on GCP.
Course Details
Duration
Objectives
- Master GCP security fundamentals, including resource hierarchy, IAM policies, and core security concepts
- Learn to create and manage VPC networks, configure firewalls, and leverage Cloud Load Balancing
- Gain insights into securing Compute Engine VMs, including storage options and gVNIC
- Explore Cloud NAT, Private Google Access, VPC Network Peering, and Cloud VPN for robust traffic management
- Understand Cloud Interconnect options for high-performance and secure connections to your GCP resources
Course Outline
- Secure Design of Google Cloud Infrastructure
- Google Cloud Resources
- Global, Regional, and Zonal Resources
- Regions and Zones
- Multiregional Resources
- Network Edge Locations
- State-of-the-art Data Centers
- Encryption of Inter-service Communication
- Global Products (Networking category only)
- Overview of Networking Products on Google Cloud
- Projects
- Resource Hierarchy
- Policy Inheritance through the Hierarchy
- Organization Administrators
- Folder Resource
- Project Resource
- IAM Policy Inheritance
- Automatic Policy Updates
- VPC Virtual Private Cloud
- VPC Connectivity
- VPC Routes
- VPC Subnet Routes
- Static Routes
- Dynamic Routes
- Multiple Network Interfaces
- Use Cases for Multiple Interfaces
- VMs and Google Virtual NIC
- Compute Engine
- Lifecycle of the VM Instance
- Compute Engine Machine Families
- Compute Engine Machine Families [2]
- Types of Storage Options for Compute Engine
- Local SSDs
- Persistent Disks
- Cloud Storage Buckets for VMs
- Google Virtual NIC (gVNIC)
- Cloud Load Balancing
- Single Anycast IP Address
- Software-defined Load Balancing
- Layer 4 and Layer 7 Load Balancing
- External/Internal and Global/Regional Load Balancers
- Cloud Load Balancing
- Eight Types of Load Balancers on Google Cloud
- VPC Firewall Rules
- Firewall Rule Components
- VPC Firewall Rule Specifications
- VPC Firewall Rule Priority
- Action on Match
- Rule Enforcement
- Target Parameter
- Cloud NAT
- Cloud NAT (Inbound vs. Outbound) and DNAT
- Cloud NAT, Cloud Router, and Google Cloud VMs
- Cloud NAT and Firewall Rule Evaluation
- Private Google Access
- Subnet-level Traffic Control
- Public IPs and Private Google Access
- Supported Services
- Shared VPC
- Shared VPC Subnets and IP Addresses
- Shared VPC as a Host Project vs a Service Project
- VPC Network Peering
- VPC Network Peering Advantages
- Key Properties for Peered VPC Networks
- Import and Export of Custom Routes
- Cloud VPN
- HA VPN
- HA VPN to AWS Peer Gateways
- HA VPN Between Google Cloud Networks
- HA VPN and IP Addressing
- Cloud Router
- BGP services by Cloud Router
- Cloud Router in a Multicloud Network
- IPv6 support by Cloud Router
- Types of Subnets
- VPC Service Controls
- Context-aware Access Control
- VPC Service Controls vs. Identity and Access Management (IAM)
- Capabilities of VPC Service Controls
- Use Case for VPC Service Controls
- Examples of a security boundary by the VPC Service Controls
- Cloud Interconnect - Dedicated
- Special Requirements for Dedicated Interconnect
- VLAN Attachment with a Cloud Router
- Provisioning of the Dedicated Interconnect Connection
- Monitor Cloud Interconnect Connections
- Google SLA for Cloud Interconnect Connections
- Cloud Interconnect - Partner
- Provisioning of Partner Interconnect
- Layer 2 vs. Layer 3 Connectivity
- Basic Topology (Layer 2)
- Basic Topology (Layer 3)
- Redundancy and SLA
- 99.99% Availability Topology
Upcoming Course Dates
