- Configuring Directory Sync
  Google Cloud Directory Sync (GCDS) is a free tool provided by Google, which is intended to automatically synchronize users, groups, domains, organizational units (OUs), and any other LDAP objects from your Microsoft Active Directory server (or OpenLDAP-compatible LDAP server) so that the data in Cloud Identity (or Google Workspace) matches the data in your LDAP…
- Federating Cloud Identity
  Cloud Identity’s primary function is to manage identities. However, your organization may already use its own identity provider (IdP), for example, Azure Active Directory (Azure AD). From a user experience: In this scenario, it is important to mention the following: Exam Tip: Cloud Identity and Google Workspace are not limited to an IdP. They…
- Configuring Firewall Rules
  Similar to your data center’s DMZ (demilitarized zone), each VPC network has a firewall that by default blocks all incoming traffic from outside the VPC network to all the instances (VMs) in your VPC. You can protect the perimeter of your VPC network by configuring firewall rules, which are a means to unambiguously control what…
- Service-Centric Networking
  Networking has traditionally been device-centric, with IP addresses assigned to physical or virtual devices. This model does not always work well in the cloud. One of the advantages of using managed cloud services is that they abstract away implementation details, like the type and number of servers supporting a service. For example, when you…
- Which Database Should I Use?
  Picking the right database for your application is not easy. The choice depends on the use case: transactional processing, analytical processing, in-memory database, and so forth. We have three different relational database options: Cloud SQL: Provides managed MySQL, PostgreSQL, and SQL Server databases on Google Cloud. It reduces maintenance cost and automates database provisioning, storage…
- Understanding Traffic Director
  Traffic Director is a GCP-managed service that provides configuration and traffic management (load balancing, traffic routing, security, and so on) for services based in various environments, such as Compute Engine instances, Google Kubernetes Engine, on-premises, or other public cloud providers. The key point that Traffic Director introduces is that the control plane (Istiod for clarity)…
- Cloud Router
  Cloud Router configuration requires a unique, permanent name, a VPC network, and a GCP region. You must also specify the ASN, which is required for establishing BGP sessions with other BGP routers. By default, Cloud Router announces all visible subnets, depending on whether you choose Regional or Global dynamic routing mode. In…
- IP Addressing for GKE
  When you deal with large workloads, Google Cloud recommends regional GKE clusters with the VPC-native networking mode. This allows VPC subnets to have a secondary range of IP addresses for all Pods running in the cluster. With VPC-native mode, routing traffic to Pods is achieved automatically without adding any custom routes to the VPC. Designing…
- Design a GCP Network
  Hot DR scenario for a three-tier application in a hybrid cloud: The database tier should include reliability as well. In GCP, this can be achieved with Cloud Spanner, which is a regional managed relational database service. To achieve database synchronization, the application tier must be modified to write consistently to both databases. Dedicated Interconnect and Cloud VPN…
- Private Services Access
  Google and third parties (together known as service producers) can offer services that are hosted in a VPC network. Private services access lets you reach the internal IP addresses of these Google and third-party services by using private connections. This is useful if you want the VM instances in your VPC network to use internal…