Google Cloud Computing Foundation Course - Week 9 Lecture Notes Summary

Lecture 41: Cloud Pub/Sub

Cloud Pub/Sub Overview

• Managed messaging service for real-time data streaming.
• Enables fast communication between GCP services and applications.
• Reduces time spent on managing operations.

Use Cases and Features

• Ingests streaming event data for real-time processing.
• Delivers events to Cloud Functions, App Engine, Cloud Run (Push), and Kubernetes Engine or
Cloud Dataflow (Pull).
• Operates seamlessly in multi-region environments.
• Offers end-to-end encryption, IAM, audit logging, NoOps, and automated scaling.
• Synchronous cross-zone replication for data durability.
• Supports major languages and offers an open service API.

Publisher-Subscriber Model
• Publisher sends messages to a topic; subscribers receive messages asynchronously.
• Cloud Pub/Sub buffers messages between systems, ensuring smooth operation even during
message surges.
• Push notifications can be sent to secure web servers, while pull mechanisms work across the
internet.

Cloud Pub/Sub in Data Processing

• Positioned in the "Ingest" phase of big data processing models.
• Works alongside GCP tools like Cloud Dataproc, Cloud Dataflow for processing, and BigQuery
for analytics.

Practical Examples
• Push notifications in Gmail.
• Real-time search result updates.
• Budget broadcasting for advertising streams.

Lecture 42: API Management & Cloud Pub/Sub Recap

API Basics
• APIs provide clean interfaces for communication between applications.
• REST APIs enable legacy and new apps to communicate effectively.
API Management Tools
• Cloud Endpoints: Distributed API management system for API maintenance.
• Apigee Edge: A business-focused platform for API management, including rate limiting,
quotas, and analytics.

Managed Messaging Systems

• Used for ingesting, transforming, and analyzing large data volumes.
• Cloud Pub/Sub facilitates message passing between data collection and processing systems.

Lecture 43: Introduction to Cloud Security

Shared Responsibility Model

• Describes security roles between Google and the customer.
• Google handles lower-level infrastructure security (physical, encryption, network).
• Customers are responsible for securing data access using tools like Cloud IAM.

Encryption and IAM Best Practices

• Various encryption options are available for securing data.
• Cloud IAM enables secure authentication and authorization, with recommendations for best
practices.

Lecture 44: Google’s Security Infrastructure

Security by Design
• Google integrates security at all levels, from physical hardware to application communication.
• Data centers feature multiple layers of physical security.
• Custom-designed servers and networking equipment ensure secure operations.

Service Communication
• Google services communicate through secure Remote Procedure Calls (RPC), ensuring privacy
and integrity.
• Bug bounty programs encourage external researchers to find vulnerabilities.

Lecture 45: Understanding the Shared Security Model

Your Security Responsibilities

• Customers must secure data access using GCP tools like IAM.
• While Google secures physical infrastructure, customers manage access controls, data
encryption, and network security.
Resource Hierarchy and Cloud IAM
• Helps define and implement security policies for user and resource access.
• Critical for protecting data and ensuring compliance.

Questions with Answers

1. What is Cloud Pub/Sub?
• A managed messaging service for real-time messaging between GCP services and
applications.
2. What are the two types of subscriptions in Cloud Pub/Sub?
• Push subscriptions (e.g., Cloud Functions) and Pull subscriptions (e.g., Kubernetes
Engine).
3. What are some features of Cloud Pub/Sub?
• End-to-end encryption, automated scaling, cross-zone replication, and NoOps
functionality.
4. How does Cloud Pub/Sub ensure data durability?
• Through synchronous cross-zone replication.
5. What is the role of Cloud Pub/Sub in data processing models?
• It functions as an ingestion tool for event streams in the "Ingest" phase of big data
processing.
6. What tools are used for processing data after ingestion in GCP?
• Cloud Dataflow and Cloud Dataproc.
7. What are some use cases for Cloud Pub/Sub?
• Real-time event delivery, email notification systems, advertising stream management.
8. What is an API?
• An interface for communication between software applications.
9. What tools can be used to manage APIs in GCP?
• Cloud Endpoints and Apigee Edge.
10.What is the shared responsibility model in cloud security?
• Google secures the infrastructure, while customers are responsible for securing their
data.
11.What is IAM in GCP?
• Identity and Access Management, a tool for managing permissions and access to GCP
resources.
12.What encryption options are available in GCP?
• Google provides various encryption services, including encryption at rest and in transit.
13.What is Google's approach to cloud security?
• Security is integrated at every level, from data centers to application-level encryption.
14.How does Google secure its data centers?
• Through custom-designed hardware, strict access control, and cryptographic signatures.
15.What is an RPC in the context of Google services?
 • Remote Procedure Call, a method for communication between services.
16.What is the Google bug bounty program?
• A program that rewards external researchers for finding security vulnerabilities.
17.What are Cloud Endpoints used for?
• To create and manage APIs within GCP.
18.What is Apigee Edge?
• A platform for managing API proxies with business features like rate limiting and
analytics.
19.How does Cloud Pub/Sub handle message surges?
• It acts as a buffer, absorbing message inflows and preventing system overwhelm.
20.What is the role of Cloud Pub/Sub in Gmail notifications?
• It sends push notifications to alert users of new emails in real time.
21.What is the "Ingest" phase in big data processing?
• The phase where data is captured and brought into the system for processing.
22.What are Cloud IAM best practices?
• Regularly review access permissions, use least privilege principle, and implement strong
authentication methods.
23.What is Cloud Dataflow used for?
• For real-time data processing after ingestion.
24.How does Cloud Pub/Sub facilitate real-time indexing in search engines?
• It updates caches with the latest information for quicker search result delivery.
25.What is the difference between push and pull subscriptions in Pub/Sub?
• Push delivers events to serverless apps, while pull delivers to stateful services.
26.What is the purpose of resource hierarchy in GCP?
• To structure resources and apply access controls through IAM policies.
27.Why is security in cloud infrastructure important?
• It protects against data breaches, which can cause financial loss and reputational
damage.
28.What are the four phases of data processing in GCP?
• Ingest, Process, Store, and Analyze.
29.How does Cloud IAM improve security?
• By controlling who has access to which resources at all times.
30.What is Cloud Dataproc used for?
• For big data processing using open-source tools like Hadoop and Spark.
31.What are the advantages of using REST APIs?
• Ensures compatibility and communication between legacy and modern applications.
32.What is the function of synchronous cross-zone replication?
• Ensures data durability by replicating data across multiple zones.
33.How does Google handle service-to-service communication?
 • Through secure Remote Procedure Calls (RPC) with cryptographic privacy.
34.What is a key benefit of using Cloud Pub/Sub?
• It simplifies the development of event-driven applications by managing message
delivery.
35.What security model does Google follow for its infrastructure?
• A defense-in-depth approach with multiple layers of security.
36.How does Google secure its servers?
• Through cryptographic signatures and custom hardware.
37.What is Cloud BigTable used for?
• A NoSQL database used for handling large-scale data storage.
38.What is BigQuery used for in GCP?
• A data warehouse tool for fast SQL queries on large datasets.
39.What is the role of Cloud IAP in GCP?
• Cloud Identity-Aware Proxy secures applications by managing user authentication.
40.How does Cloud Pub/Sub handle global scalability?
• By being a multi-region service with automatic replication and high availability.