Posts

Google Professional Cloud Security Engineer Exam Prep notes - Part 4

Google API Private Access. Private Google Access is configured at the subnet level and allows subnetworks to reach GCP services privately. Resources in the subnet can access Google services (e.g. Cloud Storage, YouTube) without an external IP. This offers better security because exposure to outside networks is reduced, minimizing the opportunities for data interception and attacks. Google Cloud service accounts: these accounts are used for service-to-service authentication. For example, an application running in Compute Engine can use a service account to access a storage bucket. There are two types of service accounts: Google-managed service accounts and user-managed service accounts. For Google-managed service accounts, the private and public keys are managed by Google. Each key can be used for a maximum of two weeks. The private keys of Google-managed keys are never directly accessible, and the platform itself manages the key rotation process. With user-managed keys, only public keys...
Recent posts

Tech basics series : Containers , Microservices & Kubernetes - Part 3

In the third part of our tech basics series on Containers, Microservices & Kubernetes, we will talk about Pods, ReplicaSets, and Replication Controllers. If you are new here, do check out Part 1 and Part 2 of this blog series first!! What are Pods? Pods are the smallest objects you can create in Kubernetes, and they encapsulate containers. Imagine a single-node K8s cluster running a single pod. When the application needs to scale, you create additional pods of the same application. The pods can also be distributed across multiple nodes in a cluster. Usually the relationship between pods and containers is 1:1, but it is not mandatory. There is also the case of a sidecar container, which helps the main application and is included in the same pod. Every time a new pod of the application is created, both the main container and the sidecar container are created together. They share the same network and storage and can connect to each other as localh...

Tech basics series : Containers , Microservices & Kubernetes - Part 2

Part 2: Container orchestration using Kubernetes. In the second part of our tech basics series on Containers, Microservices & Kubernetes, we will talk about container orchestration and Kubernetes. If you are new here, do check out Part 1 of this blog series first!! Why do you need container orchestration? Running a single application in a container might look simple and straightforward. However, in the real world there will be multiple other services that the application needs to talk to. The application should scale based on capacity requirements. There should be a control plane capable of orchestrating these connectivity requirements, scaling, scheduling and lifecycle management of containers. That is where container orchestration comes into the picture. Container orchestration solutions like Docker Swarm, Mesos and Kubernetes offer a centralized tool for managing, scheduling and scaling containers. Of the many container orchestration platforms, Kubernetes is ...

Tech basics series : Containers , Microservices & Kubernetes - Part 1

I am starting a new set of blog series to help those who are new to cloud technology: junior engineers, tech aspirants, students, etc. I will try to explain the basics in simple terms that will help you develop a good foundation in the latest and greatest in cloud technologies. If you are a seasoned cloud expert, this series will act as a good refresher course! We will kick off with a series on Containers, Microservices & Kubernetes. After covering the basics, we will move on to more advanced topics on how you can build and deploy containerized applications on various cloud platforms. Part 1 - Containers. What are containers? Containers bundle the application code, its dependencies and the configuration required to run the application into a single unit. There are different container technologies available: Docker, containerd, rkt and LXD. The most popular container technology is Docker. Containers are a form of operating system virtualization, where multiple applications...

Google Professional Cloud Security Engineer Exam Prep notes - Part 3

Integrating an existing identity management solution with Google Cloud Platform. Given below are the steps to integrate a third-party identity management platform. You should have a domain that is enabled for email; with a preexisting domain already registered with Google, or a non-existent domain, you cannot proceed. You should have permissions to verify domain ownership by creating a TXT or CNAME entry. Implement SAML SSO if the existing identity management system is to be used for authentication to the GCP console. Create the first Cloud Identity administration account and an account for the admin who will manage users in GCP. Configure billing accounts: this can either be an online account or an offline invoiced account linked to a Purchase Order. To apply for an invoiced billing account you need to meet certain criteria, i.e. be a registered business for one year and have a minimum billing of $2500/month for 3 months. Create additional admin accounts such as network admins or organization admins. Use direct...

How cloud and AI are changing the future of our world - Tech talk

On January 28, 2023, I was given the opportunity to give a presentation at my alma mater, College of Engineering Poonjar, as a prelude to the IHRD tech fest Tarang23. My manager at Google, Mr Sundar Pelapur, a veteran with two decades of experience in the IT industry, was my co-presenter. It was a great experience interacting with the next generation of engineering talent, sharing with them our perspective on the topic "Disrupting the status quo: How Cloud and AI are shaping the future of our world". Sharing below a summary of the tech talk, and some useful reference materials, which I think will be helpful for young IT professionals and students who want to make a career in cloud computing: We started off with a brief history of cloud computing, on how the world has moved on from mainframes in the 1970s to server/client computing models and to the constructs of public clouds today. Let's define in simple terms what cloud computing is.. It's nothing but compute power an...

Google Professional Cloud Security Engineer Exam Prep notes - Part 2

This blog covers review notes for logging, DNS security & the Google Cloud Web Security Scanner service. 1. Aggregated sinks: sinks can be created with the "includeChildren" parameter set to "True" for a Cloud organization or folder. The logs from these organizations, folders, projects or billing accounts can then be routed to these sinks. 2. DNS Security Extensions: DNS Security Extensions (DNSSEC) is the security protocol that enables authentication of DNS data. It is a DNS protocol extension that adds an additional degree of security by enabling users to digitally sign their DNS records, making it more challenging for attackers to tamper with DNS data. Customers can enable DNSSEC on Google Cloud's Cloud DNS service to safeguard their domains from unauthorized alterations. 3. Google Cloud Web Security Scanner service: to find common vulnerabilities in web applications, such as those listed in the OWASP Top 10, customers can use the Google Cloud Web Security Sca...