[GCP공부] Coursera: Google Cloud Platform Fundamentals: Core Infrastructure - Virtual Machines in the Cloud
jinwoochoi2020. 11. 23. 11:34
Module Introduction
What we'll learn: how Google Compute Engine works, with a focus on Google virtual networking.
Why it's called a "virtual machine": because you configure all of it yourself, just as with a physical machine (compute power, GPU, memory, CPU...).
Virtual Private Cloud (VPC) Network
VPC network basics: You can segment your networks, use firewall rules to restrict access to instances,
and create static routes to forward traffic to specific destinations.
Key Google-specific characteristic: the Virtual Private Cloud networks that you define have global scope.
1. They can have subnets in any GCP region worldwide, and subnets can span the zones that make up a region. (Spanning across zones, as the course diagram shows.)
This architecture makes it easy for you to define your own network layout with global scope.
2. You can also have resources in different zones on the same subnet. (That is, a single subnet can hold resources sitting in different zones of its region; the subnet itself stays inside one region.)
You can dynamically increase the size of a subnet in a custom network by expanding the range of IP addresses allocated to it.
3. Subnets have regional scope. A subnet is not the VPC: networks are global, and a VPC network belongs to a project.
Laid out this way, "you can use this capability to build solutions that are resilient but still have simple network layouts", they say. I don't fully get why yet.
Key point: even if you expand a subnet, the IP addresses of virtual machines already on it are not affected.
A VPC network is not tied to any zone (or to any region: it is global); it is the subnet that is tied to a region.
VPC subnets can span the zones that make up a region. This is beneficial because your solutions can incorporate fault tolerance without complicating your network topology. Fault tolerance without extra network complexity. Why? Because one subnet already covers every zone in its region, you can spread VMs across zones (so losing one zone does not take the whole service down) without adding a subnet, routes or firewall rules per zone. Segmenting into subnets is also very good security-wise, and when you think about configuration it is much simpler too.
(Think of the Hyundai research institute.)
Tip: a subnet is a sub-concept of a VPC network (it belongs to the network).
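The "expand a subnet without touching existing VM addresses" point above is easy to get wrong in practice, so here is an added check (my example, not code from the course or the blog): it encodes the constraints Compute Engine enforces on the new range (it must contain the current range, and it must not overlap any other subnet in the same or a peered network) plus an optional list of on-premises ranges, which GCP does not check but which would become unreachable over a VPN if the expanded subnet swallowed them. The subnet names and ranges are constructed for the example.

```python
"""Check whether a proposed subnet expansion is valid.

Added example, not from the course or the blog post. Encodes the course's
rule (a subnet in a custom-mode network grows by widening its primary
range; addresses already assigned to VMs stay valid) and the checks
Compute Engine applies to the new range: it must contain the current
range and must not overlap any other subnet range in the same network or
a peered network. `reserved` models on-premises ranges reached over VPN:
GCP does not reject overlap with those, but the on-prem hosts would
become unreachable, so an address-plan check should catch it.
Subnet names and ranges below are constructed for the example.
"""
import ipaddress

# Constructed sample: two subnets of one custom-mode VPC network.
SUBNETS = {
    "subnet-a": "10.0.0.0/24",
    "subnet-b": "10.0.16.0/24",
}


def check_expansion(subnets, name, new_cidr, reserved=()):
    """Return (ok, reason) for expanding subnets[name] to new_cidr.

    subnets: {subnet_name: cidr} for the network (include peered networks' subnets too).
    reserved: extra ranges that must stay disjoint, e.g. on-premises networks.
    """
    old = ipaddress.ip_network(subnets[name])
    new = ipaddress.ip_network(new_cidr)  # strict: "10.0.4.0/21" (host bits set) raises ValueError
    if new.version != old.version:
        return False, "address family cannot change"
    # Only expansion is allowed: the new block must contain the current one.
    if not new.supernet_of(old):
        return False, f"{new} does not contain current range {old}; only expansion is allowed"
    if new.prefixlen == old.prefixlen:
        return False, "range unchanged"
    for other, cidr in subnets.items():
        if other != name and new.overlaps(ipaddress.ip_network(cidr)):
            return False, f"overlaps subnet {other} ({cidr})"
    for cidr in reserved:
        if new.overlaps(ipaddress.ip_network(cidr)):
            return False, f"overlaps reserved range {cidr}"
    return True, f"{name}: {old} -> {new}, existing addresses remain valid"


def addresses_preserved(old_cidr, new_cidr, assigned):
    """True when every address already assigned in the old range is inside the new one."""
    old = ipaddress.ip_network(old_cidr)
    new = ipaddress.ip_network(new_cidr)
    return all(ipaddress.ip_address(a) in old and ipaddress.ip_address(a) in new
               for a in assigned)


if __name__ == "__main__":
    for cidr, reserved in [("10.0.0.0/20", ()), ("10.0.0.0/19", ()),
                           ("10.0.0.0/25", ()), ("10.0.0.0/20", ("10.0.8.0/24",))]:
        print(cidr, reserved, check_expansion(SUBNETS, "subnet-a", cidr, reserved))
```

The real operation is `gcloud compute networks subnets expand-ip-range SUBNET --region REGION --prefix-length N`; it takes only a prefix length, so the new range is always the current range's supernet at that length, which is exactly the containment condition the check enforces.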
Compute Engine
Nothing unusual here. There is scale up and scale out. / Preemptible VMs -> they say these are good for batch jobs, but I don't quite get it.
A preemptible VM lets you use spare VM capacity cheaply, but if that capacity is needed elsewhere, Compute Engine stops it and your job has to end right away (you get a short warning of about 30 seconds, and a preemptible VM runs for at most 24 hours).
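What "the job must end right away" means for a batch worker is that it has to be restartable from a checkpoint. The following is an added example (mine, not the course's or the blog's code) of that pattern. It assumes the real Compute Engine metadata server, where a GET on `http://metadata.google.internal/computeMetadata/v1/instance/preempted` with the header `Metadata-Flavor: Google` returns `TRUE` once preemption has started; the lookup is injectable so the code runs offline, and the work items and the fake preemption signal are constructed.

```python
"""Batch worker that survives preemption by checkpointing its progress.

Added example, not from the course or the blog post. Assumes the real
Compute Engine metadata server: GET .../instance/preempted with header
"Metadata-Flavor: Google" returns TRUE once the VM is being preempted,
after which Compute Engine gives it roughly 30 seconds before stopping it.
The preemption lookup is injectable so the worker can run offline; the
work items in demo() are constructed for the example.
"""
import urllib.request

PREEMPTED_URL = "http://metadata.google.internal/computeMetadata/v1/instance/preempted"


def preempted_from_metadata(timeout=1.0):
    """True if the metadata server says this VM is being preempted."""
    req = urllib.request.Request(PREEMPTED_URL, headers={"Metadata-Flavor": "Google"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.read().decode().strip() == "TRUE"
    except OSError:
        # Not on Compute Engine, or metadata unreachable: treat as not preempted.
        return False


def run_batch(items, checkpoint, process, preempted=preempted_from_metadata):
    """Process items from the checkpointed position; return (next_index, was_preempted).

    checkpoint is a dict the caller persists (e.g. to Cloud Storage);
    checkpoint["next"] is the first item not yet processed, so a replacement
    VM resumes exactly where the preempted one stopped. Each item must finish
    well inside the ~30 second preemption window or checkpoint internally.
    """
    start = checkpoint.get("next", 0)
    for i in range(start, len(items)):
        if preempted():
            return i, True          # stop cleanly; checkpoint already reflects done work
        process(items[i])
        checkpoint["next"] = i + 1  # record progress after every item
    return len(items), False


def demo():
    """Simulate preemption on the third poll, then resume on a 'replacement' VM."""
    items = list(range(6))          # constructed work items
    done = []
    checkpoint = {}
    polls = {"n": 0}

    def fake_preempted():           # constructed preemption signal
        polls["n"] += 1
        return polls["n"] == 3

    first = run_batch(items, checkpoint, done.append, fake_preempted)
    # The replacement VM loads the same checkpoint and is not preempted.
    second = run_batch(items, checkpoint, done.append, lambda: False)
    return first, second, done


if __name__ == "__main__":
    print(demo())
```

On a real preemptible VM the same check can also be done with a shutdown script, which Compute Engine runs during the preemption warning; polling the metadata value between items keeps the decision inside the job's own loop.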
Important VPC capabilities
Much like physical networks, VPCs have routing tables (built-in).
1. These are used to forward traffic from one instance to another instance within the same network,
2. even across sub-networks and even between GCP zones, without requiring an external IP address.
Firewall (built-in)
1. You can use it to restrict access to instances, for both incoming and outgoing traffic.
You can define firewall rules in terms of metadata tags on Compute Engine instances.
2. For example, you can tag all your web servers with, say, "web", and write a firewall rule saying that traffic on ports 80 or 443 is allowed into all VMs with the "web" tag.
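To make the tag-based rule concrete, here is an added model of how a VPC firewall decides on one connection attempt (my example, not code from the course or the blog). It reproduces the semantics the notes describe, plus the two implied rules every VPC network has (allow all egress, deny all ingress, both at the lowest priority 65535) and the selection order: among matching rules the lowest priority number wins, and at equal priority deny beats allow. Rule names, address ranges and tags are constructed; egress destination ranges are left out to keep it short.

```python
"""Model of VPC firewall rule evaluation for one connection attempt.

Added example, not from the course or the blog post. Models: rules target
instances by network tag (empty target = every instance); the implied
allow-egress / deny-ingress rules at priority 65535; lowest priority
number wins, deny wins ties. Names, ranges and tags are constructed.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str                           # "INGRESS" or "EGRESS"
    action: str                              # "allow" or "deny"
    priority: int = 1000                     # 0..65535, lower number wins
    target_tags: frozenset = frozenset()     # empty = applies to all instances
    source_ranges: tuple = ("0.0.0.0/0",)    # ingress only
    protocol: str = "all"                    # "tcp", "udp", "icmp" or "all"
    ports: frozenset = frozenset()           # empty = every port of the protocol


# Present in every network, cannot be removed, lowest possible priority.
IMPLIED_RULES = (
    Rule("implied-allow-egress", "EGRESS", "allow", 65535),
    Rule("implied-deny-ingress", "INGRESS", "deny", 65535),
)

# Constructed rule set: the course's "web" tag rule plus SSH from a corporate range.
RULES = (
    Rule("allow-web", "INGRESS", "allow", 1000, frozenset({"web"}),
         ("0.0.0.0/0",), "tcp", frozenset({80, 443})),
    Rule("allow-ssh-corp", "INGRESS", "allow", 1000, frozenset(),
         ("203.0.113.0/24",), "tcp", frozenset({22})),
)


def matches(rule, direction, instance_tags, src_ip, protocol, port):
    """Does this rule apply to a packet in `direction` hitting an instance with these tags?"""
    if rule.direction != direction:
        return False
    if rule.target_tags and not (rule.target_tags & frozenset(instance_tags)):
        return False
    if direction == "INGRESS":
        addr = ipaddress.ip_address(src_ip)
        if not any(addr in ipaddress.ip_network(r) for r in rule.source_ranges):
            return False
    if rule.protocol != "all" and rule.protocol != protocol:
        return False
    if rule.ports and port not in rule.ports:
        return False
    return True


def evaluate(rules, direction, instance_tags, src_ip, protocol, port):
    """Return (verdict, rule_name) for one packet against an instance with these tags."""
    candidates = [r for r in tuple(rules) + IMPLIED_RULES
                  if matches(r, direction, instance_tags, src_ip, protocol, port)]
    # Lowest priority number wins; at equal priority a deny rule wins over allow.
    winner = min(candidates, key=lambda r: (r.priority, 0 if r.action == "deny" else 1))
    return winner.action, winner.name


def internet_exposed_ports(rules, instance_tags, ports=range(1, 1024)):
    """TCP ports an instance with these tags accepts from an arbitrary internet address."""
    return [p for p in ports
            if evaluate(rules, "INGRESS", instance_tags, "198.51.100.7", "tcp", p)[0] == "allow"]


if __name__ == "__main__":
    print(evaluate(RULES, "INGRESS", {"web"}, "198.51.100.7", "tcp", 443))
    print(internet_exposed_ports(RULES, {"db"}), internet_exposed_ports(RULES, {"db", "web"}))
```

The last function shows the caveat that goes with tag-based rules: a network tag is just instance metadata, so anyone allowed to set tags on an instance can put "web" on a database VM and open 80/443 on it without touching the firewall at all. Where that matters, target the rule at a service account instead of a tag; changing an instance's service account requires stopping the instance and a different permission than editing tags.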
Remember, I mentioned that VPCs belong to GCP projects
But with several GCP projects you may want to exchange traffic between VPCs (VPC Peering does that), or use IAM to control who and what in one project can interact with a VPC in another (Shared VPC); both are possible.
Earlier we talked about VM auto-scaling; how do users actually reach the VMs? -> Cloud Load Balancing: Cloud Load Balancing is a fully distributed, software-defined managed service for all your traffic.
Load balancers don't run in VMs you have to manage, so you don't have to worry about scaling or managing them.
There is global load balancing, and there is also internal load balancing that sits between the presentation tier and the business-logic tier.
There is a suitable load balancer for each protocol.
There is also Cloud DNS.
Cloud CDN: Google has a global system of edge caches. It delivers content faster.
Once you've set up HTTPS load balancing,
simply enable Cloud CDN with a single checkbox.
If you want to connect a Google VPC to another network, you use a Virtual Private Network connection over the internet with the IPsec protocol; with Cloud Router, that other network and the Google VPC can exchange route information using the Border Gateway Protocol (BGP).
Qwiklabs lab: create a Compute Engine instance (vm-1) in the console, then create another one from code in Cloud Shell (vm-2),
set up a web server on vm-2, SSH into vm-1 and connect to the web server from there,
also connect from vm-2 itself (with curl),
and finally connect via the external address. Done.
Exam: two questions confused me.
An application running in a Compute Engine virtual machine needs high-performance scratch space. Which type of storage meets this need? Local SSD
For which of these interconnect options is a Service Level Agreement available? For this one they tell you to go listen to the "Important VPC capabilities" lecture. Phew.. (The transcript below gives it: Dedicated Interconnect, which can be covered by up to a 99.99 percent SLA; Direct Peering is not covered by an SLA.)
Re-read the part below:
Lots of GCP customers want to interconnect their other networks to their Google VPCs, such as on-premises networks or their networks in other clouds. There are many good choices. Many customers start with a Virtual Private Network connection over the internet using the IPSEC protocol. To make that dynamic, they use a GCP feature called Cloud Router. Cloud Router lets your other networks and your Google VPC exchange route information over the VPN using the Border Gateway Protocol. For instance, if you add a new subnet to your Google VPC, your on-premises network will automatically get routes to it.

But some customers don't want to use the internet, either because of security concerns or because they need more reliable bandwidth. They can consider peering with Google using Direct Peering. Peering means putting a router in the same public data center as a Google point of presence and exchanging traffic. Google has more than 100 points of presence around the world. Customers who aren't already in a point of presence can contract with a partner in the carrier peering program to get connected. One downside of peering though is that it isn't covered by a Google service level agreement.

Customers who want the highest uptimes for their interconnection with Google should use Dedicated Interconnect, in which customers get one or more direct private connections to Google. If these connections have topologies that meet Google's specifications, they can be covered by up to a 99.99 percent SLA. These connections can be backed up by a VPN for even greater reliability.
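Two routing claims on this page are worth seeing side by side: the built-in routing table from "Important VPC capabilities" (instances reach each other across subnets and zones on internal addresses) and the transcript's Cloud Router point (add a subnet, and the on-premises side gets a route to it automatically). The following is an added model of both (my example, not the course's or the blog's code). Route selection is longest-prefix match only; GCP additionally uses priorities among equal-length routes, which is omitted. BGP is modelled as Cloud Router re-sending its full set of advertised prefixes rather than incremental updates. The network names, ranges and the `vpn-tunnel-1` next hop are constructed.

```python
"""Model of route propagation between a Google VPC and an on-premises network.

Added example, not from the course or the blog post. Models the
system-generated subnet routes inside a VPC (cross-subnet, cross-zone
reachability on internal IPs) and Cloud Router advertising every subnet
range over a VPN so the on-prem router learns new subnets automatically.
Longest-prefix match only (GCP's route priorities omitted); BGP updates
modelled as a full refresh. Names and ranges are constructed.
"""
import ipaddress


class RouteTable:
    def __init__(self):
        self.routes = []  # (network, next_hop, kind)

    def add(self, cidr, next_hop, kind):
        self.routes.append((ipaddress.ip_network(cidr), next_hop, kind))

    def replace_kind(self, kind, entries):
        """Drop every route of `kind`, then install entries [(cidr, next_hop)] as that kind."""
        self.routes = [r for r in self.routes if r[2] != kind]
        for cidr, next_hop in entries:
            self.add(cidr, next_hop, kind)

    def lookup(self, ip):
        """Next hop for `ip` by longest-prefix match, or None if nothing matches."""
        addr = ipaddress.ip_address(ip)
        candidates = [r for r in self.routes if addr in r[0]]
        if not candidates:
            return None
        return max(candidates, key=lambda r: r[0].prefixlen)[1]


class OnPremRouter:
    """Customer router with one BGP session over a VPN tunnel to Cloud Router."""

    def __init__(self, tunnel_next_hop):
        self.table = RouteTable()
        self.tunnel = tunnel_next_hop

    def receive_bgp_update(self, prefixes):
        # Cloud Router's advertisement replaces everything previously learned over the tunnel.
        self.table.replace_kind("bgp", [(p, self.tunnel) for p in prefixes])


class Vpc:
    def __init__(self, name):
        self.name = name
        self.subnets = {}           # subnet name -> (region, cidr)
        self.table = RouteTable()   # the network's own routing table
        self.bgp_peers = []         # routers with an established Cloud Router session

    def add_subnet(self, name, region, cidr):
        self.subnets[name] = (region, cidr)
        # Subnet route: created automatically, valid in every zone of the region,
        # so VMs on different subnets/zones talk over internal IPs with no external IP.
        self.table.add(cidr, f"subnet:{name}", "subnet")
        self.advertise()

    def attach_cloud_router(self, peer):
        self.bgp_peers.append(peer)
        self.advertise()

    def advertise(self):
        # Default Cloud Router behaviour: advertise all subnet ranges of the network.
        prefixes = [cidr for _, cidr in self.subnets.values()]
        for peer in self.bgp_peers:
            peer.receive_bgp_update(prefixes)


def onprem_router(static_prefixes=()):
    """Constructed on-prem router: a LAN, a default route to the ISP, optional static VPN routes."""
    r = OnPremRouter("vpn-tunnel-1")
    r.table.add("192.168.0.0/16", "lan", "connected")
    r.table.add("0.0.0.0/0", "isp-uplink", "static")
    for p in static_prefixes:
        r.table.add(p, "vpn-tunnel-1", "static")
    return r


def demo():
    """Returns next hops for a new VPC subnet as seen by a dynamic and a static on-prem router."""
    vpc = Vpc("prod")
    vpc.add_subnet("web-us", "us-central1", "10.10.0.0/24")
    vpc.add_subnet("db-eu", "europe-west1", "10.20.0.0/24")
    dynamic = onprem_router()                      # learns routes via Cloud Router
    static = onprem_router(["10.10.0.0/24"])       # hand-maintained static routes only
    vpc.attach_cloud_router(dynamic)
    vpc.add_subnet("batch-asia", "asia-east1", "10.30.0.0/24")   # added later
    return (vpc.table.lookup("10.20.0.7"),
            dynamic.table.lookup("10.30.0.9"),
            static.table.lookup("10.30.0.9"))


if __name__ == "__main__":
    print(demo())
```

The third value of `demo()` is the failure mode the transcript warns about: with static routing, the newly added subnet falls through to the on-prem default route and leaves via the ISP instead of the tunnel, so the new VPC subnet is unreachable from on-prem until someone edits the router by hand.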