This document provides a workbook for designing cloud architectures on Google Cloud. It includes sections for defining a case study, writing user personas and stories, designing microservices and APIs, choosing data storage options, networking, security, disaster recovery, and cost planning. The user is prompted to fill in details for their specific application in each section, with examples provided.
2. Proprietary + Confidential
1a. Defining your case study
Come up with a case study. Then fill in the next slide.
Examples:
● Online Banking Portal
● Ride sharing application (like Uber)
● Online shopping site
● Something else...
1b. [Case Study Name Here]
Brief description:
List a few main features:
List roles of typical users:
2a. Writing user personas
Create two user personas that describe typical users of your application.
Add a new slide for each persona.
Example persona:
Jocelyn is a busy working mom who wants to access MegaCorp Bank to check her account balances
and make sure that there are enough funds to pay for her kids' music and sport lessons. She also uses
the web site to automate payment of bills and see her credit account balances. Jocelyn wants to save
time and money, and she wants a credit card that gives her cash back.
2b. Writing user stories
Create three user stories for the roles you defined earlier.
Create a new slide for each user story.
Example user story:
Balance Inquiry
As a checking account holder, I want to check my available balance at any time of day, so that I am sure
not to overdraw my account.
3. Defining SLIs and SLOs
Based on the requirements of your case study, fill in the table on the next slide with SLOs and SLIs as shown in the example below.
User story | SLO | SLI
Balance Inquiry | Available 99.95% | Fraction of 200 vs 500 HTTP responses from API endpoint measured per day
Balance Inquiry | 95% of requests complete in under 300 ms | Time to last byte GET requests measured every 10 seconds aggregated per minute
3. Defining SLIs and SLOs
Based on the requirements of your case study, fill in the table below with SLOs and SLIs.
User story | SLO | SLI
4. Design microservices for your application
Draw a diagram showing your application's microservices and their connections.
5. Designing REST APIs
Fill in the table on the next slide with your services and their resources and operations as shown in the example below.
Service name | Collections | Methods
Account Service | transactions | list, deposit, withdraw, transfer
5. Designing REST APIs
Fill in the table with your services and their resources and operations.
Service name | Collections | Methods
6. Defining storage characteristics
On the next slide fill in the required storage features. Below is an example.
Service | Structured or Unstructured | SQL or NoSQL | Strong or Eventual Consistency | Amount of Data (MB, GB, TB, PB, ExB) | Read only or Read/Write
Account Service | Structured | SQL | Strong | GB | Read/Write
6. Defining storage characteristics
Fill in the required storage features.
Service | Structured or Unstructured | SQL or NoSQL | Strong or Eventual Consistency | Amount of Data (MB, GB, TB, PB, ExB) | Read only or Read/Write
7. Choosing Google Cloud Storage and Data Services
On the next slide choose the Google Cloud storage products for each service. Below is an example.
Service | Persistent Disk | Cloud Storage | Cloud SQL | Firestore | Cloud Bigtable | Cloud Spanner | BigQuery
Account Service: X
7. Choosing Google Cloud Storage and Data Services
Choose the Google Cloud storage products for each service.
Service | Persistent Disk | Cloud Storage | Cloud SQL | Firestore | Cloud Bigtable | Cloud Spanner | BigQuery
16. Proprietary + Confidential
8a. Defining network characteristics for your services
On the next slide fill in the required network features. Below is an example.
Service | Internet facing or Internal only | HTTP | TCP | UDP | Multiregional?
Account Internal only X No
8a. Defining network characteristics for your services
Fill in the required network features.
Service | Internet facing or Internal only | HTTP | TCP | UDP | Multi-Regional?
8b. Select the load balancers for your services
On the next slide choose the Google Cloud load balancer product(s) for each service. Below is an example.
Service | HTTP | TCP | UDP
Account X
8b. Select the load balancers for your services
Choose the Google Cloud load balancer product(s) for each service.
Service | HTTP | TCP | UDP
9. Diagramming your network
On the next slide draw a diagram that depicts how your services will communicate over the network. Include regions, zones, load balancers, CDN, and DNS if applicable. Below is an example.
[Example diagram. Labels: HTTPS; Global HTTP Load Balancer; UI; Auth Service; Products Service; Products Database; Customer Service; Customer Database; Accounts Service; Accounts Database; Third-Party VPC]
9. Diagramming your network
Draw a diagram that depicts how your services will communicate over the network. Include regions,
zones, load balancers, CDN, and DNS if applicable.
10. Designing reliable, scalable applications
Even if some service is down, we want the web frontend of our application to be available nearly all the time. We also want the website to be fast with very low latency to users all over the world. On the next slide, draw a diagram that depicts how we can achieve this using Google Cloud services. Below is an example.
[Example diagram. Labels: HTTPS; HTTP Global Load Balancer; UI; TCP Load Balancer; Orders Service; Inventory Service; Analytics Service; Cloud SQL; Firestore; BigQuery; Failover; Multi-regional Cloud Storage bucket for backups. Region and zone labels: us-east-1, us-central1, us-central-1, us-central1-a, us-central1-b]
10. Designing reliable, scalable applications
Even if some service is down, we want the web frontend of our application to be available nearly all the
time. We also want the website to be fast with very low latency to users all over the world. Draw a
diagram that depicts how we can achieve this using Google Cloud services.
11a. Disaster recovery scenario
You've deployed for high availability by replicating resources in multiple zones. However, to meet
regulatory requirements, you need a plan to recover from a disaster that brings down the entire region.
The current architecture is depicted below. On the next slide, create a plan to bring up your application
in another region if your main region is down. Below is an example.
[Current architecture diagram. Labels: TCP Load Balancer; Orders Service; Inventory Service; Analytics Service; Products Service; Accounts Service; Cloud SQL; Firestore; BigQuery; Failover. Region and zone labels: us-central-1, us-central1-a, us-central1-b]
11a. Disaster recovery scenario
You've deployed for high availability by replicating resources in multiple zones. However, to meet
regulatory requirements, you need a plan to recover from a disaster that brings down the entire region.
The current architecture is depicted on the previous slide. Create a plan to bring up your application in
another region if your main region is down.
11b. Service disaster recovery scenarios
Write a high-level list of possible scenarios on the next slide. Below is an example.
Service | Scenario | Recovery Point Objective | Recovery Time Objective | Priority
Ratings Service | Programmer deleted all ratings accidentally | 24 hours | 1 hour | Med
Orders Service | Orders database crashes | 0 (can’t lose any data) | 2 minutes | High
11b. Service disaster recovery scenarios
Write a high-level list of possible scenarios.
Service | Scenario | Recovery Point Objective | Recovery Time Objective | Priority
11c. Resource disaster recovery plans
For each scenario, fill in the table on the next slide. Below is an example.
Resource | Backup Strategy | Backup Location | Recovery Procedure
Ratings Database | Daily automated backups | Multi-Regional Cloud Storage Bucket | Run Restore Script
Orders Database | Failover replica plus daily backups | Multi-zone deployment | Automated
11c. Resource disaster recovery plans
For each scenario, fill in the table.
Resource | Backup Strategy | Backup Location | Recovery Procedure
12. Modeling secure Google Cloud services
Draw a diagram on the next slide that depicts how you will secure your services. Include firewalls, IAM
roles, service accounts and network resources as appropriate. Below is an example.
[Example diagram. Labels: HTTPS; HTTP Global Load Balancer; Google Cloud Armor (block denied IPs); Custom VPC with subnets us-central1 and us-east1]
Firewall Rules:
Allow HTTPS from 0.0.0.0/0
Allow SSH from known sources
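One way to check a rule set against the example policy above (HTTPS from 0.0.0.0/0, SSH only from known sources), as an added example that is not part of the workbook. The rule schema, the rule names, and the "known" source ranges are constructed assumptions.

```python
"""Audit ingress rules against the example policy on this slide:
HTTPS may come from 0.0.0.0/0, SSH only from known sources."""
import ipaddress

# Assumption: the "known sources" for SSH (constructed documentation ranges).
KNOWN_SSH_SOURCES = [ipaddress.ip_network("203.0.113.0/24"),
                     ipaddress.ip_network("198.51.100.16/28")]
PUBLIC_PORTS = {443}      # may be reachable from any source
RESTRICTED_PORTS = {22}   # must come from a known source

# Constructed sample rules in a hypothetical schema (not gcloud output).
SAMPLE_RULES = [
    {"name": "allow-https", "ports": [443], "sources": ["0.0.0.0/0"]},
    {"name": "allow-ssh-office", "ports": [22], "sources": ["203.0.113.0/25"]},
    {"name": "allow-ssh-any", "ports": [22], "sources": ["0.0.0.0/0"]},
    # Overlaps a known range but is wider than it, so it must be flagged.
    {"name": "allow-ssh-wide", "ports": [22], "sources": ["203.0.112.0/23"]},
    {"name": "allow-db", "ports": [5432], "sources": ["0.0.0.0/0"]},
]


def is_known(source):
    """True only if the source range lies entirely inside a known range."""
    net = ipaddress.ip_network(source, strict=False)
    return any(net.version == known.version and net.subnet_of(known)
               for known in KNOWN_SSH_SOURCES)


def audit(rules):
    """Return (rule name, port, source, reason) for each policy violation."""
    findings = []
    for rule in rules:
        for port in rule["ports"]:
            for src in rule["sources"]:
                if port in PUBLIC_PORTS:
                    continue
                if port in RESTRICTED_PORTS:
                    if not is_known(src):
                        findings.append((rule["name"], port, src,
                                         "SSH source is not inside a known range"))
                elif ipaddress.ip_network(src, strict=False).prefixlen == 0:
                    findings.append((rule["name"], port, src,
                                     "port outside the policy is open to any source"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Containment is tested with `subnet_of` rather than overlap, so a range that merely overlaps a known source (the `/23` above) is still reported.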
12. Modeling secure Google Cloud services
Draw a diagram that depicts how you will secure your services. Include firewalls, IAM roles, service
accounts and network resources as appropriate.
13. Cost estimating and planning
Use the pricing calculator to determine and record on the next slide the cost of your microservices. Below is an example.
Service name | Google Cloud Resource | Cost
Accounts | Cloud SQL | $574.71/month
13. Cost estimating and planning
Use the pricing calculator to determine and record the cost of your microservices.
Service name | Google Cloud Resource | Cost